How many of you will agree that @PortSwigger @PortSwiggerRes @burpsuite is the best #Web #AppSec #bugbounty Tool available on the internet?

This thread includes some of the best Burp Extensions, which I personally love.

#pentest #security #infosec #bugbounty
Turbo Intruder

Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
https://portswigger.net/bappstore/9abaa233088242e8be252cd4ff534988

#pentest #security #infosec #bugbounty
Turbo Intruder

Send large numbers of HTTP requests and analyze the results

https://portswigger.net/bappstore/9abaa233088242e8be252cd4ff534988
Retire.js
This extension integrates Burp with the Retire.js repository to find vulnerable JavaScript libraries.
https://portswigger.net/bappstore/36238b534a78494db9bf2d03f112265c

#pentest #security #infosec #bugbounty
Retire.js

Integrates with the Retire.js repository to find vulnerable JavaScript libraries.

https://portswigger.net/bappstore/36238b534a78494db9bf2d03f112265c
Param Miner
This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities.
https://portswigger.net/bappstore/17d2949a985c4b7ca092728dba871943

#pentest #security #infosec #bugbounty
Param Miner

This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities.

https://portswigger.net/bappstore/17d2949a985c4b7ca092728dba871943
J2EEScan
The goal of this extension is to improve the test coverage during web application penetration tests on J2EE applications.
https://portswigger.net/bappstore/7ec6d429fed04cdcb6243d8ba7358880

#pentest #security #infosec #bugbounty
J2EEScan

Adds scan checks focused on Java environments and technologies.

https://portswigger.net/bappstore/7ec6d429fed04cdcb6243d8ba7358880
HTTP Request Smuggler
This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks. It also aids exploitation by handling cumbersome offset-tweaking for you.
James Kettle
https://portswigger.net/bappstore/aaaa60ef945341e8a450217a54a11646

#pentest #security #infosec #bugbounty
HTTP Request Smuggler

Helps you launch HTTP Request Smuggling attacks, supports scanning for Request Smuggling vulnerabilities and also aids exploitation by handling cumbersome offset-tweaking for you

https://portswigger.net/bappstore/aaaa60ef945341e8a450217a54a11646
Flow
This extension provides a Proxy history-like view along with search filter capabilities for all Burp tools.
https://portswigger.net/bappstore/ee1c45f4cc084304b2af4b7e92c0a49d

#pentest #security #infosec #bugbounty
Flow

Provides request history view for all Burp tools.

https://portswigger.net/bappstore/ee1c45f4cc084304b2af4b7e92c0a49d
Error Message Checks
This extension passively reports detailed server error messages.
https://portswigger.net/bappstore/4f01db4b668c4126a68e4673df796f0f

#pentest #security #infosec #bugbounty
Error Message Checks

Passively detects detailed server error messages.

https://portswigger.net/bappstore/4f01db4b668c4126a68e4673df796f0f
Copy As Python-Requests
This extension copies selected request(s) as Python-Requests invocations.
https://portswigger.net/bappstore/b324647b6efa4b6a8f346389730df160

#pentest #security #infosec #bugbounty
Copy As Python-Requests

Copies selected request(s) as Python-Requests invocations.

https://portswigger.net/bappstore/b324647b6efa4b6a8f346389730df160
Content Type Converter
This extension converts data submitted within requests between various common formats.
https://portswigger.net/bappstore/db57ecbe2cb7446292a94aa6181c9278

#pentest #security #infosec #bugbounty
Content Type Converter

Converts JSON To XML, XML to JSON, body parameters to JSON, and body parameters to XML.

https://portswigger.net/bappstore/db57ecbe2cb7446292a94aa6181c9278
Command Injection Attacker
This extension is a customizable payload generator, best for detecting OS command injection flaws during dynamic testing - conducted with no access to the source code or the filesystem.
https://portswigger.net/bappstore/33e4402eee514724b768c0342abadb8a

#pentest #security #infosec #bugbounty
Command Injection Attacker

Customizable payload generator to detect and exploit command injection flaws during blind testing.

https://portswigger.net/bappstore/33e4402eee514724b768c0342abadb8a
Collaborator Everywhere
This extension augments your in-scope proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator.
https://portswigger.net/bappstore/2495f6fb364d48c3b6c984e226c02968

#pentest #security #infosec #bugbounty
Collaborator Everywhere

Augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator.

https://portswigger.net/bappstore/2495f6fb364d48c3b6c984e226c02968
CO2
This extension contains various modules for enhancing Burp's capabiities.
https://portswigger.net/bappstore/c5071c7a7e004f72ae485e8a72911afc

#pentest #security #infosec #bugbounty
CO2

Adds various capabilities including SQL Mapper, User Generator and Prettier JS.

https://portswigger.net/bappstore/c5071c7a7e004f72ae485e8a72911afc
Bypass WAF
This extension add headers to all Burp requests to bypass some WAF products.
https://portswigger.net/bappstore/ae2611da3bbc4687953a1f4ba6a4e04c

#pentest #security #infosec #bugbounty
Bypass WAF

Adds headers useful for bypassing some WAF devices.

https://portswigger.net/bappstore/ae2611da3bbc4687953a1f4ba6a4e04c
Burp Bounty, Scan Check Builder
This BurpSuite extension allows you, in a quick way, to improve the active and passive BurpSuite scanner by means of personalized rules through a very intuitive graphical interface.
https://portswigger.net/bappstore/618f0b2489564607825e93eeed8b9e0a

#pentest #security #infosec #bugbounty
Burp Bounty, Scan Check Builder

Extend the Burp active and passive scanner by creating custom scan checks with an intuitive graphical interface.

https://portswigger.net/bappstore/618f0b2489564607825e93eeed8b9e0a
Backslash Powered Scanner
This extension complements Burp's active scanner by using a novel approach capable of finding and confirming both known and unknown classes of server-side injection vulnerabilities. https://portswigger.net/bappstore/9cff8c55432a45808432e26dbb2b41d8

#pentest #security #infosec #bugbounty
Backslash Powered Scanner

Finds unknown classes of injection vulnerabilities.

https://portswigger.net/bappstore/9cff8c55432a45808432e26dbb2b41d8
Autorize
Autorize is an extension aimed at helping the penetration tester to detect authorization vulnerabilities, one of the more time-consuming tasks in a web application penetration test.
https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f

#pentest #security #infosec #bugbounty
Autorize

Automatically detects authorization enforcement.

https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f
Asset Discovery
This extension discovers assets (domain, subdomain, IP, S3 bucket etc.) using passive scanning of HTTP responses and lists them as informational issues.
https://portswigger.net/bappstore/d927f0065171485981d6eb49a860fc3e

#pentest #security #infosec #bugbounty
Asset Discovery

Custom passive scan checks for asset discovery.

https://portswigger.net/bappstore/d927f0065171485981d6eb49a860fc3e
Additional Scanner Checks
This extension provides some additional passive Scanner checks.
https://portswigger.net/bappstore/a158fd3fc9394253be3aa0bc4c181d1f

#pentest #security #infosec #bugbounty
Additional Scanner Checks

Provides some additional passive Scanner checks.

https://portswigger.net/bappstore/a158fd3fc9394253be3aa0bc4c181d1f
Active Scan++
ActiveScan++ extends Burp Suite's active and passive scanning capabilities.
https://portswigger.net/bappstore/3123d5b5f25c4128894d97ea1acc4976

#pentest #security #infosec #bugbounty
Active Scan++

Extends Burp's active and passive scanning capabilities.

https://portswigger.net/bappstore/3123d5b5f25c4128894d97ea1acc4976
You can follow @infosec_scarlet.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.