# BAPP EXTENTIONS **PRO EXTENSIONS:** {% embed url="" %} {% embed url="" %} * [Collaborator Everywhere](https://portswigger.net/bappstore/2495f6fb364d48c3b6c984e226c02968) Inject headers to reveal backend systems by causing pingbacks * [Collabfiltrator](https://github.com/0xC01DF00D/Collabfiltrator) Exfiltrate blind remote code execution output over DNS * Burp Bounty Pro: Active and passive checks customizable based on patterns. * Active Scan ++: More active and passive scans * Software Vulnerability Scanner: Passive scan to detect vulnerable software versions * Backslash Powered Scanner: Active scan for SSTI detection * CSRF Scanner: Passive CSRF detection * Freddy: Active and Passive scan for Java and .NET deserialization RCE COMMUNITY Add Custom header JWT Editor * OpenAPI Parser: Parse and fetch OpenAPI documents directly from a URL * CO2: Multiple functions such sqlmapper, cewler * Param Miner: Passive scan to detect hidden or unlinked parameters, cache poisoning * Logger++: Log for every burp tool and allows highlight, filter, grep, export... * JSON Web Tokens: decode and manipulate JSON web tokens * Reissue Request Scripter: generates scripts for Python, Ruby, Perl, PHP and PowerShell * HTTP Request Smuggler: Active scanner and launcher for HTTP Request Smuggling attacks -Java Deserialization Scanner: Active and passive scanner to find Java deserialization vulnerabilities * Flow: History of all burp tools, extensions and tests * Turbo Intruder: Useful for sending large numbers of HTTP requests (Race cond, fuzz, user enum) * Bypass WAF: Add some headers to bypass some WAFs * poi Slinger: Active scan check to find PHP object injection * Autorize: Used to detect IDORs * Match/Replace Session Action: Provides a match and replace function as a Session Handling Rule. -.NET Beautifier: Easy view for VIEWSTATE parameter * Wsdler: generates SOAP requests from WSDL request * SAML Raider: for testing SAML infrastructures, messages and certificates OLD * [ssrf-king](https://github.com/ethicalhackingplayground/ssrf-king?s=09): Automates SSRF detection * [burp-send-to](https://github.com/bytebutcher/burp-send-to): Adds a customizable "Send to..."-context-menu. * Burp-exporter: other extension for export request to multiple languages **//ReconAIzer** ReconAIzer is a powerful Jython extension for Burp Suite that leverages OpenAI to help bug bounty hunters optimize their recon process. {% embed url="" %} {% embed url="" %} **Add Custom Header** \ [**https://portswigger.net/bappstore/807907f5380c4cb38748ef4fc1d8cdbc**](https://portswigger.net/bappstore/807907f5380c4cb38748ef4fc1d8cdbc) **BurpJSLinkFinder**\ Burp Extension for a passive scanning JS files for endpoint links.\ \- Export results the text file\ \- Exclude specific 'js' files e.g. jquery, google-analytics **Hackvertor:** \ Bypass WAF **JWT Editor:** \ for editing, signing, verifying, encrypting and decrypting JSON Web Tokens (JWTs). **Retire.js:** \ Identifies JavaScript libraries with known vulnerabilities. **Paramalyzer:** \ Helps in the identification of hidden, unlinked parameters. **Burp VPS Proxy:** \ Easy Cloud Proxies for Burp Suite: **SQLiPy SQL Injection Scanner:** \ Injects SQL payloads into all parameters and looks for evidence of an SQL injection. **J2EEScan:** \ Useful for testing J2EE applications. It extends Burp's scanning capabilities to identify J2EE vulnerablities. **Burp Bounty (Scan Check Builder):** \ It improves the active and passive scanner capabilities by allowing you to customize payloads and scan checks. **Autorize:** \ Automatically detects authorization enforcement by tagging requests and responses. **Logger++:** \ Logs requests and responses for all Burp tools in a sortable table. **JSON Decoder:** \ Beautifies and simplifies complex JSON responses. **Wsdler:** \ Parses WSDL files for web service testing. **EsPReSSO:** \ Enhances handling of client-side stored data like cookies and HTML5 local storage. **Backslash Powered Scanner:** \ Actively scans for parameter-based vulnerabilities. **BurpHash:** \ Helps to decrypt hash values or make a comparison between two or more hash values quickly **HUNT Methodology Scanner:** \ Allows for easier identification of common parameters vulnerable to certain vuln classes (SQLi, XSS, command injection, etc.) **Turbo Intruder:** \ Allows you to perform high speed, reliable HTTP requests. **Upload Scanner:** \ Scans file uploads to find client-side and server-side vulnerabilities. **Reflected Parameters:** \ Monitors and logs all reflected parameters within the HTTP response. **Collaborator Everywhere:** \ Injects Burp Collaborator payloads into almost every parameter. **CSRF Scanner:** \ Scans for potential CSRF vulnerabilities. **InQL (Introspection GraphQL):** \ A Burp Suite extension for handling GraphQL. **Content Type Converter:** \ Converts JSON to XML, XML to JSON, etc., for ease of viewing. **Same Origin Policy Bypass:** \ Helps find SOP bypasses. **Shellshock Scanner:** \ Actively scans for the shellshock vulnerability. Active Scan++, Param Miner, JS Link Finder, Additional Scanner Checks, Software Vulnerability Scanner, Software Version Reporter, Backslash Powered Scanner, CSRF Scanner, Freddy, Deserialization Bug Finder, HTTP Request Smuggler, JSON Web Tokens, Reissue Request Scripter, Retire.js, WAFDetect, Web Cache Deception Scanner Cookie Decrypter, Collaborator Everywhere, CSP-Bypass, J2EEScan, Trishul, Flow, Java Deserialization Scanner, SecretFinder, Reflector, Wsdler, Autorize, Bypass WAF, .NET Beautifier, Collabfiltrator, * Hackvertor: Bypass WAF * JWT Editor: for editing, signing, verifying, encrypting and decrypting JSON Web Tokens (JWTs). * Retire.js: Identifies JavaScript libraries with known vulnerabilities. * Burp VPS Proxy: Easy Cloud Proxies for Burp Suite: * Paramalyzer: Helps in the identification of hidden, unlinked parameters. 1. SQLiPy SQL Injection Scanner: Injects SQL payloads into all parameters and looks for evidence of an SQL injection. 2. J2EEScan: Useful for testing J2EE applications. It extends Burp's scanning capabilities to identify J2EE vulnerablities. 3. Burp Bounty (Scan Check Builder): It improves the active and passive scanner capabilities by allowing you to customize payloads and scan checks. 4. Autorize: Automatically detects authorization enforcement by tagging requests and responses. 5. Logger++: Logs requests and responses for all Burp tools in a sortable table. 6. JSON Decoder: Beautifies and simplifies complex JSON responses. 7. Wsdler: Parses WSDL files for web service testing. 8. EsPReSSO: Enhances handling of client-side stored data like cookies and HTML5 local storage. 9. Backslash Powered Scanner: Actively scans for parameter-based vulnerabilities. 10. Software Vulnerability Scanner: Integrates with Burp to identify software that is outdated and potentially vulnerable. 11. BurpHash: Helps to decrypt hash values or make a comparison between two or more hash values quickly. 12. HUNT Methodology Scanner: Allows for easier identification of common parameters vulnerable to certain vuln classes (SQLi, XSS, command injection, etc.) 13. Turbo Intruder: Allows you to perform high speed, reliable HTTP requests. 14. Upload Scanner: Scans file uploads to find client-side and server-side vulnerabilities. 15. Brida: Integrates Burp Suite with the Frida Tool, useful for mobile app testing. 16. J2EEScan: Improves the test coverage of J2EE applications. 17. Request Timer: Measures the time taken for HTTP responses. 18. Reflected Parameters: Monitors and logs all reflected parameters within the HTTP response. 19. CO2: A collection of various tools including Payload encoding/decoding, SQL helpers, and command shortcuts. 20. Collaborator Everywhere: Injects Burp Collaborator payloads into almost every parameter. 21. Flow: Provides a sortable and filterable view of all Burp Suite tools' HTTP traffic. 22. CSRF Scanner: Scans for potential CSRF vulnerabilities. 23. InQL (Introspection GraphQL): A Burp Suite extension for handling GraphQL. 24. Content Type Converter: Converts JSON to XML, XML to JSON, etc., for ease of viewing. 25. Reissue Request Scripter: A tool for scripting the reissue of requests. 26. HTML5 Auditor: Audits HTML5 web storage data, useful for checking local and session storage. 27. Same Origin Policy Bypass: Helps find SOP bypasses. 28. Shellshock Scanner: Actively scans for the shellshock vulnerability. Add Custom Header Add or update custom HTTP headers from session handling rules. This is especially useful for JSON Web Tokens (JWT). Basic usage, with a hard-coded value: 1. Select the Add Custom Header tab and enter the header name and hard-coded value. 2. Select Project Options -> Sessions 3. Add a Session Handling rule 4. Name it and select Add, Invoke a Burp Extension extension 5. Make sure the scope is correct. If you're just trying this out, you can use Include all URLs, but set a proper scope for regular use. 6. Select the Add Custom Header option from the list in the following screen HEADER NAME: BUGS HEADER PREFIX: HEADER VALUE: * REGULAR EXPRESSION: * HARD-CODED VALUE: User-Agent: HackerOne VDP \[EXODUSSEC] --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://oscp-exodussec.gitbook.io/cheatsheet55/bscp/bapp-extentions.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.