How many of you will agree that @PortSwigger @PortSwiggerRes @burpsuite is the best #Web #AppSec #bugbounty Tool available on the internet?
This thread includes some of the best Burp Extensions, which I personally love.
#pentest #security #infosec #bugbounty
This thread includes some of the best Burp Extensions, which I personally love.
#pentest #security #infosec #bugbounty
Turbo Intruder
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
https://portswigger.net/bappstore/9abaa233088242e8be252cd4ff534988
#pentest #security #infosec #bugbounty
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
https://portswigger.net/bappstore/9abaa233088242e8be252cd4ff534988
#pentest #security #infosec #bugbounty
Retire.js
This extension integrates Burp with the Retire.js repository to find vulnerable JavaScript libraries.
https://portswigger.net/bappstore/36238b534a78494db9bf2d03f112265c
#pentest #security #infosec #bugbounty
This extension integrates Burp with the Retire.js repository to find vulnerable JavaScript libraries.
https://portswigger.net/bappstore/36238b534a78494db9bf2d03f112265c
#pentest #security #infosec #bugbounty
Param Miner
This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities.
https://portswigger.net/bappstore/17d2949a985c4b7ca092728dba871943
#pentest #security #infosec #bugbounty
This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities.
https://portswigger.net/bappstore/17d2949a985c4b7ca092728dba871943
#pentest #security #infosec #bugbounty
J2EEScan
The goal of this extension is to improve the test coverage during web application penetration tests on J2EE applications.
https://portswigger.net/bappstore/7ec6d429fed04cdcb6243d8ba7358880
#pentest #security #infosec #bugbounty
The goal of this extension is to improve the test coverage during web application penetration tests on J2EE applications.
https://portswigger.net/bappstore/7ec6d429fed04cdcb6243d8ba7358880
#pentest #security #infosec #bugbounty
HTTP Request Smuggler
This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks. It also aids exploitation by handling cumbersome offset-tweaking for you.
James Kettle
https://portswigger.net/bappstore/aaaa60ef945341e8a450217a54a11646
#pentest #security #infosec #bugbounty
This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks. It also aids exploitation by handling cumbersome offset-tweaking for you.
James Kettle
https://portswigger.net/bappstore/aaaa60ef945341e8a450217a54a11646
#pentest #security #infosec #bugbounty
Flow
This extension provides a Proxy history-like view along with search filter capabilities for all Burp tools.
https://portswigger.net/bappstore/ee1c45f4cc084304b2af4b7e92c0a49d
#pentest #security #infosec #bugbounty
This extension provides a Proxy history-like view along with search filter capabilities for all Burp tools.
https://portswigger.net/bappstore/ee1c45f4cc084304b2af4b7e92c0a49d
#pentest #security #infosec #bugbounty
Error Message Checks
This extension passively reports detailed server error messages.
https://portswigger.net/bappstore/4f01db4b668c4126a68e4673df796f0f
#pentest #security #infosec #bugbounty
This extension passively reports detailed server error messages.
https://portswigger.net/bappstore/4f01db4b668c4126a68e4673df796f0f
#pentest #security #infosec #bugbounty
Copy As Python-Requests
This extension copies selected request(s) as Python-Requests invocations.
https://portswigger.net/bappstore/b324647b6efa4b6a8f346389730df160
#pentest #security #infosec #bugbounty
This extension copies selected request(s) as Python-Requests invocations.
https://portswigger.net/bappstore/b324647b6efa4b6a8f346389730df160
#pentest #security #infosec #bugbounty
Content Type Converter
This extension converts data submitted within requests between various common formats.
https://portswigger.net/bappstore/db57ecbe2cb7446292a94aa6181c9278
#pentest #security #infosec #bugbounty
This extension converts data submitted within requests between various common formats.
https://portswigger.net/bappstore/db57ecbe2cb7446292a94aa6181c9278
#pentest #security #infosec #bugbounty
Command Injection Attacker
This extension is a customizable payload generator, best for detecting OS command injection flaws during dynamic testing - conducted with no access to the source code or the filesystem.
https://portswigger.net/bappstore/33e4402eee514724b768c0342abadb8a
#pentest #security #infosec #bugbounty
This extension is a customizable payload generator, best for detecting OS command injection flaws during dynamic testing - conducted with no access to the source code or the filesystem.
https://portswigger.net/bappstore/33e4402eee514724b768c0342abadb8a
#pentest #security #infosec #bugbounty
Collaborator Everywhere
This extension augments your in-scope proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator.
https://portswigger.net/bappstore/2495f6fb364d48c3b6c984e226c02968
#pentest #security #infosec #bugbounty
This extension augments your in-scope proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator.
https://portswigger.net/bappstore/2495f6fb364d48c3b6c984e226c02968
#pentest #security #infosec #bugbounty
CO2
This extension contains various modules for enhancing Burp's capabiities.
https://portswigger.net/bappstore/c5071c7a7e004f72ae485e8a72911afc
#pentest #security #infosec #bugbounty
This extension contains various modules for enhancing Burp's capabiities.
https://portswigger.net/bappstore/c5071c7a7e004f72ae485e8a72911afc
#pentest #security #infosec #bugbounty
Bypass WAF
This extension add headers to all Burp requests to bypass some WAF products.
https://portswigger.net/bappstore/ae2611da3bbc4687953a1f4ba6a4e04c
#pentest #security #infosec #bugbounty
This extension add headers to all Burp requests to bypass some WAF products.
https://portswigger.net/bappstore/ae2611da3bbc4687953a1f4ba6a4e04c
#pentest #security #infosec #bugbounty
Burp Bounty, Scan Check Builder
This BurpSuite extension allows you, in a quick way, to improve the active and passive BurpSuite scanner by means of personalized rules through a very intuitive graphical interface.
https://portswigger.net/bappstore/618f0b2489564607825e93eeed8b9e0a
#pentest #security #infosec #bugbounty
This BurpSuite extension allows you, in a quick way, to improve the active and passive BurpSuite scanner by means of personalized rules through a very intuitive graphical interface.
https://portswigger.net/bappstore/618f0b2489564607825e93eeed8b9e0a
#pentest #security #infosec #bugbounty
Backslash Powered Scanner
This extension complements Burp's active scanner by using a novel approach capable of finding and confirming both known and unknown classes of server-side injection vulnerabilities. https://portswigger.net/bappstore/9cff8c55432a45808432e26dbb2b41d8
#pentest #security #infosec #bugbounty
This extension complements Burp's active scanner by using a novel approach capable of finding and confirming both known and unknown classes of server-side injection vulnerabilities. https://portswigger.net/bappstore/9cff8c55432a45808432e26dbb2b41d8
#pentest #security #infosec #bugbounty
Autorize
Autorize is an extension aimed at helping the penetration tester to detect authorization vulnerabilities, one of the more time-consuming tasks in a web application penetration test.
https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f
#pentest #security #infosec #bugbounty
Autorize is an extension aimed at helping the penetration tester to detect authorization vulnerabilities, one of the more time-consuming tasks in a web application penetration test.
https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f
#pentest #security #infosec #bugbounty
Asset Discovery
This extension discovers assets (domain, subdomain, IP, S3 bucket etc.) using passive scanning of HTTP responses and lists them as informational issues.
https://portswigger.net/bappstore/d927f0065171485981d6eb49a860fc3e
#pentest #security #infosec #bugbounty
This extension discovers assets (domain, subdomain, IP, S3 bucket etc.) using passive scanning of HTTP responses and lists them as informational issues.
https://portswigger.net/bappstore/d927f0065171485981d6eb49a860fc3e
#pentest #security #infosec #bugbounty
Additional Scanner Checks
This extension provides some additional passive Scanner checks.
https://portswigger.net/bappstore/a158fd3fc9394253be3aa0bc4c181d1f
#pentest #security #infosec #bugbounty
This extension provides some additional passive Scanner checks.
https://portswigger.net/bappstore/a158fd3fc9394253be3aa0bc4c181d1f
#pentest #security #infosec #bugbounty
Active Scan++
ActiveScan++ extends Burp Suite's active and passive scanning capabilities.
https://portswigger.net/bappstore/3123d5b5f25c4128894d97ea1acc4976
#pentest #security #infosec #bugbounty
ActiveScan++ extends Burp Suite's active and passive scanning capabilities.
https://portswigger.net/bappstore/3123d5b5f25c4128894d97ea1acc4976
#pentest #security #infosec #bugbounty