#burpsuite

nuclei-burp-plugin

A Burp Suite plugin intended to help with Nuclei template generation.

AWS security checks

This Burp Suite extension provides additional Scanner checks for AWS security issues.

Collaborator Everywhere

Burp Suite extension which injects non-invasive headers to reveal backend systems.

Redacted Request

Enhance the security and confidentiality of HTTP request handling within the Burp Suite.

Burp-Encode-IP

Burp Suite extension to encode an IP address, focused on bypassing application IP/domain blacklists.

Scavenger

Burp Suite extension to create target-specific, tailored wordlists from Burp history.

GatherContacts

Burp Suite extension to pull employee names from Google and Bing LinkedIn search results.

BurpGPT

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan.

AndroSet

Manage the Burp Suite certificate on Android to redirect all traffic to Burp Suite.

co2

A collection of enhancements for Portswigger's popular Burp Suite web penetration testing tool.

json-web-tokens

JSON Web Tokens Support for Burp Suite.

403-bypasser

A Burp Suite extension made to automate the process of bypassing 403 pages.

additional-scanner-checks

Collection of scanner checks missing in Burp.

csrf-scanner

CSRF Scanner Extension for Burp Suite Pro.

JSpector

Burp Suite extension to crawl JS files in passive mode and display the results on the issues.

Pentest Mapper

Burp Suite extension for application pentest to write test cases and map flows and vulnerabilities.

PyCript

Bypass client-side encryption using custom logic for testing with Python and NodeJS.

PwnFox

A Firefox/Burp Suite extension that provides useful tools for your security audit.

Agartha

Burp Suite extension for dynamic payload generation to detect injection flaws.

Highlighter and Extractor

Collect, categorize and highlight requests and/or responses according to their content.

burp-exporter

Copy a Burp Suite request to a file or the clipboard as multiple programming languages functions.

Trishul

Burp Suite Extension to hunt for common vulnerabilities found in websites.

ATOR

Authentication Token Obtain and Replace Extender.

safecopy

Burp Extension for copying requests safely.

malicious-pdf

Generates a bunch of malicious pdf files with phone-home functionality.

cstc

Burp Suite extension that allows request/response modification using a GUI.

H1 Report Finder

A Burp Suite extension to find security reports published on HackerOne based on the selected host.

Request Highlighter

Burp Suite extension that automatically highlights different HTTP requests.

BurpSuiteHTTPSmuggler

A Burp Suite extension to bypass WAFs or test their effectiveness using a number of techniques.

domain_hunter

Try to find all subdomains, similar-domains and related-domains of an organization.

Burp NTLM Challenge Decoder

Burp extension to decode NTLM SSP headers and extract domain/host information.

Dangerous Methods

A Burp Suite extension for finding the use of potentially dangerous methods/functions.

Freddy Deserialization Bug Finder

A Burp Suite extension to aid in detecting and exploiting serialisation libraries/APIs.

SqlmapDnsCollaborator

Lets you use Burp Collaborator as a DNS server for exfiltrating data via Sqlmap.

bypasswaf

Add headers to all Burp requests to bypass some WAF products.

BurpSmartBuster

A Burp Suite content discovery plugin that adds the smart into the Buster.

burp-vulners-scanner

Vulnerability scanner based on vulners.com search API.

Auth Analyzer

The Burp extension helps you to find authorization bugs.

AuthMatrix

Provides a simple way to test authorization in web applications and web services.

OpenAPI

Parse OpenAPI specifications into Burp Suite for automating RESTful API testing.

Burp Extender API

Burp Extender API.

Burp WP

Find known vulnerabilities in WordPress plugins and themes; a WPScan-like plugin for Burp.

sqlipy

Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.

HTTPoxy Scanner

A Burp Suite extension that checks for the HTTPoxy vulnerability.

Stepper

A natural evolution of Burp Suite's Repeater tool.

JWT4B

JWT Support for Burp Suite.

Dastardly Scan Action

Runs a scan using Dastardly by Burp Suite against a target site and generates a report.

Replicator

Burp Suite extension to help developers replicate findings from pentests.

scan-check-builder

Burp Suite extension which helps you improve the active and passive scanner yourself.

Distribute Damage

Evenly distributes scanner load across targets.

J2EEScan

Improve the test coverage during web application penetration tests on J2EE applications.

Hackvertor

Tag-based conversion tool written in Java, implemented as a Burp Suite extension.

HTTP Request Smuggler

Extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks.

Hackability

Probe a rendering engine for vulnerabilities and other features.

UploadScanner

HTTP file upload scanner for Burp Proxy.

Autowasp

A one-stop pentesting checklist and logger tool.

OAUTHScan

Burp Suite Extension useful to verify OAUTHv2 and OpenID security.

IPRotate

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

JOSEPH

JavaScript Object Signing and Encryption Pentesting Helper.

Shelling

A comprehensive OS command injection payload generator.

authz

Burp Suite plugin to test for authorization flaws.

BurpBeautifier

Burp Suite extension for beautifying request/response body.

Logger++

Log activities of all the tools in Burp Suite.

WSDL Wizard

Burp Suite plugin to detect current and discover new WSDL files.

JSONBeautifier

JSON Beautifier for Burp written in Java.

Headless Burp

Provides a suite of extensions and a maven plugin to automate security tests using Burp Suite.

BurpSentinel

GUI Burp Plugin to ease discovering of security holes in web applications.

AutoRepeater

Automated HTTP request repeating with Burp Suite.

Flow

Provides a view with filtering capabilities for all requests from all Burp Suite tools.

ActiveScan++

Extends Burp Suite's active and passive scanning capabilities.

backslash-powered-scanner

Finds unknown classes of injection vulnerabilities.

Burp-AnonymousCloud

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

jwt-heartbreaker

Burp Suite extension to check JWTs for the use of keys known from public sources.

rexsser

Burp Suite plugin that extracts keywords from response using and test for reflected XSS.

Xss-Sql-Fuzz

Burp Suite plugin for XSS and SQLi which adds our payload to all parameters with one click.

xssValidator

A Burp Intruder extender designed for automation and validation of XSS vulnerabilities.

Femida

Automated blind-xss search for Burp Suite.

BitBlinder

Injects custom XSS payloads on every form/request submitted to detect blind XSS.

SQLTruncSanner

Messy BurpSuite plugin for SQL Truncation vulnerabilities.

Burp-to-SQLMap

Performs SQL injection tests on Burp Suite bulk requests using SQLMap.

MSSQLi-DUET

SQL injection script for Microsoft SQL Server.

SleuthQL

Burp History parsing tool to discover potential SQL injection points.

Turbo Intruder

Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.

Autorize

Automatic authorization enforcement detection extension for Burp Suite.

GadgetProbe

Probe endpoints consuming Java serialized objects for fingerprinting.

GraphQL Beautifier

Burp Suite extension to help make GraphQL requests more readable.

InQL

Burp Extension for GraphQL Security Testing.

BurpBounty

Improve the active and passive Burp Suite scanner by means of custom rules through a GUI.

off-by-slash

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

IntruderPayloads

Payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

param-miner

Identifies hidden, unlinked parameters, useful for finding web cache poisoning vulnerabilities.

BurpJSLinkFinder

Burp extension for passively scanning JS files for endpoint links.

Retire.js

Detects the use of JavaScript libraries with known vulnerabilities.

GAP

A Burp Suite extension to find potential endpoints and parameters.

DataExtractor

A Burp Suite extension to extract data from source code while browsing.

Burp Suite

The class-leading vulnerability scanning, penetration testing, and web app security platform.