bRPC-Web: A Burp Suite Extension for gRPC-Web
Category:Industry News / Research & Tools
Compass Security released bRPC‑Web, a Burp Suite extension that decodes and edits gRPC‑Web payloads, enabling analysts to intercept binary Protobuf messages and iteratively test API behaviors. The tool aids testing when Protobuf schemas aren’t available by using heuristic decoding to approximate structures.
CORTEX Protocol Intelligence Assessment
Business Impact: Improves security coverage for modern API architectures using gRPC‑Web. Technical Context: Adds a gRPC‑Web tab in Burp Proxy/Repeater for human‑readable Protoscope views and edits.
Strategic Intelligence Guidance
- Incorporate gRPC‑Web testing in pentest scopes.
- Fuzz Protobuf fields for auth/logic bypasses.
- Add schema discovery to API inventory processes.
- Gate internet exposure for gRPC endpoints via WAF.
Vendors
Targets
Intelligence Source: bRPC-Web: A Burp Suite Extension for gRPC-Web - Compass Security Blog | Oct 22, 2025