BAPP EXTENSIONS

PRO EXTENSIONS:

  • Collaborator Everywhere: Injects headers to reveal backend systems by causing pingbacks

  • Collabfiltrator: Exfiltrates blind remote code execution output over DNS

  • Burp Bounty Pro: Active and passive checks customizable based on patterns. https://burpbounty.net/

  • Active Scan++: More active and passive scans https://portswigger.net/bappstore/3123d5b5f25c4128894d97ea1acc4976

  • Software Vulnerability Scanner: Passive scan to detect vulnerable software versions https://portswigger.net/bappstore/c9fb79369b56407792a7104e3c4352fb

  • Backslash Powered Scanner: Active scan for SSTI detection https://portswigger.net/bappstore/9cff8c55432a45808432e26dbb2b41d8

  • CSRF Scanner: Passive CSRF detection https://portswigger.net/bappstore/60f172f27a9b49a1b538ed414f9f27c3

  • Freddy: Active and Passive scan for Java and .NET deserialization RCE https://portswigger.net/bappstore/ae1cce0c6d6c47528b4af35faebc3ab3

COMMUNITY EXTENSIONS:

  • Add Custom Header

  • JWT Editor

  • ysoserial (Java deserialization payload generator, used alongside the deserialization scanners): https://github.com/frohoff/ysoserial

  • OpenAPI Parser: Parse and fetch OpenAPI documents directly from a URL https://portswigger.net/bappstore/6bf7574b632847faaaa4eb5e42f1757c

  • CO2: Multiple functions such as sqlmapper and cewler https://github.com/portswigger/co2

  • Param Miner: Passive scan to detect hidden or unlinked parameters, cache poisoning https://portswigger.net/bappstore/17d2949a985c4b7ca092728dba871943

  • Logger++: Logs traffic from every Burp tool and allows highlighting, filtering, grepping, exporting... https://portswigger.net/bappstore/470b7057b86f41c396a97903377f3d81

  • JSON Web Tokens: decode and manipulate JSON web tokens https://portswigger.net/bappstore/f923cbf91698420890354c1d8958fee6

  • Reissue Request Scripter: generates scripts for Python, Ruby, Perl, PHP and PowerShell https://portswigger.net/bappstore/6e0b53d8c801471c9dc614a016d8a20d

  • HTTP Request Smuggler: Active scanner and launcher for HTTP Request Smuggling attacks https://portswigger.net/bappstore/aaaa60ef945341e8a450217a54a11646

  • Java Deserialization Scanner: Active and passive scanner to find Java deserialization vulnerabilities https://portswigger.net/bappstore/228336544ebe4e68824b5146dbbd93ae

  • Flow: History of all burp tools, extensions and tests https://portswigger.net/bappstore/ee1c45f4cc084304b2af4b7e92c0a49d

  • Turbo Intruder: Useful for sending large numbers of HTTP requests (Race cond, fuzz, user enum) https://portswigger.net/bappstore/9abaa233088242e8be252cd4ff534988

  • Bypass WAF: Add some headers to bypass some WAFs https://portswigger.net/bappstore/ae2611da3bbc4687953a1f4ba6a4e04c

  • POI Slinger: Active scan check to find PHP object injection https://github.com/portswigger/poi-slinger

  • Autorize: Used to detect IDORs https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f

  • Match/Replace Session Action: Provides a match and replace function as a Session Handling Rule. https://portswigger.net/bappstore/9b5c532966ca4d5eb13c09c72ba7aac2

  • .NET Beautifier: Easy view for the VIEWSTATE parameter https://portswigger.net/bappstore/e2a137ad44984ccb908375fa5b2c618d

  • Wsdler: generates SOAP requests from a WSDL file https://portswigger.net/bappstore/594a49bb233748f2bc80a9eb18a2e08f

  • SAML Raider: for testing SAML infrastructures, messages and certificates https://github.com/CompassSecurity/SAMLRaider

OLD:

  • ssrf-king: Automates SSRF detection

  • burp-send-to: Adds a customizable "Send to..."-context-menu.

  • Burp-exporter: another extension for exporting requests to multiple languages https://github.com/artssec/burp-exporter

ReconAIzer: a Jython extension for Burp Suite that leverages OpenAI to help bug bounty hunters optimize their recon process.

Add Custom Header: https://portswigger.net/bappstore/807907f5380c4cb38748ef4fc1d8cdbc

BurpJSLinkFinder: Burp extension that passively scans JS files for endpoint links. Exports results to a text file and can exclude specific JS files (e.g. jquery, google-analytics).


Active Scan++, Param Miner, JS Link Finder, Additional Scanner Checks, Software Vulnerability Scanner, Software Version Reporter, Backslash Powered Scanner, CSRF Scanner, Freddy, Deserialization Bug Finder, HTTP Request Smuggler, JSON Web Tokens, Reissue Request Scripter, Retire.js, WAFDetect, Web Cache Deception Scanner, Cookie Decrypter, Collaborator Everywhere, CSP-Bypass, J2EEScan, Trishul, Flow, Java Deserialization Scanner, SecretFinder, Reflector, Wsdler, Autorize, Bypass WAF, .NET Beautifier, Collabfiltrator.

  • Hackvertor: Bypass WAF

  • JWT Editor: for editing, signing, verifying, encrypting and decrypting JSON Web Tokens (JWTs).

  • Retire.js: Identifies JavaScript libraries with known vulnerabilities.

  • Burp VPS Proxy: Easy Cloud Proxies for Burp Suite: https://github.com/d3mondev/burp-vps-proxy

  • Paramalyzer: Helps in the identification of hidden, unlinked parameters.

  1. SQLiPy SQL Injection Scanner: Injects SQL payloads into all parameters and looks for evidence of an SQL injection.

  2. J2EEScan: Useful for testing J2EE applications. It extends Burp's scanning capabilities to identify J2EE vulnerabilities.

  3. Burp Bounty (Scan Check Builder): It improves the active and passive scanner capabilities by allowing you to customize payloads and scan checks.

  4. Autorize: Automatically detects authorization enforcement by tagging requests and responses.

  5. Logger++: Logs requests and responses for all Burp tools in a sortable table.

  6. JSON Decoder: Beautifies and simplifies complex JSON responses.

  7. Wsdler: Parses WSDL files for web service testing.

  8. EsPReSSO: Enhances handling of client-side stored data like cookies and HTML5 local storage.

  9. Backslash Powered Scanner: Actively scans for parameter-based vulnerabilities.

  10. Software Vulnerability Scanner: Integrates with Burp to identify software that is outdated and potentially vulnerable.

  11. BurpHash: Helps to decrypt hash values or make a comparison between two or more hash values quickly.

  12. HUNT Methodology Scanner: Allows for easier identification of common parameters vulnerable to certain vuln classes (SQLi, XSS, command injection, etc.)

  13. Turbo Intruder: Allows you to perform high speed, reliable HTTP requests.

  14. Upload Scanner: Scans file uploads to find client-side and server-side vulnerabilities.

  15. Brida: Integrates Burp Suite with the Frida Tool, useful for mobile app testing.

  16. J2EEScan: Improves the test coverage of J2EE applications.

  17. Request Timer: Measures the time taken for HTTP responses.

  18. Reflected Parameters: Monitors and logs all reflected parameters within the HTTP response.

  19. CO2: A collection of various tools including Payload encoding/decoding, SQL helpers, and command shortcuts.

  20. Collaborator Everywhere: Injects Burp Collaborator payloads into almost every parameter.

  21. Flow: Provides a sortable and filterable view of all Burp Suite tools' HTTP traffic.

  22. CSRF Scanner: Scans for potential CSRF vulnerabilities.

  23. InQL (Introspection GraphQL): A Burp Suite extension for handling GraphQL.

  24. Content Type Converter: Converts JSON to XML, XML to JSON, etc., for ease of viewing.

  25. Reissue Request Scripter: A tool for scripting the reissue of requests.

  26. HTML5 Auditor: Audits HTML5 web storage data, useful for checking local and session storage.

  27. Same Origin Policy Bypass: Helps find SOP bypasses.

  28. Shellshock Scanner: Actively scans for the shellshock vulnerability.

Add Custom Header (https://portswigger.net/bappstore/807907f5380c4cb38748ef4fc1d8cdbc, video walkthrough: https://www.youtube.com/watch?v=7OF6xPH9WS8): Add or update custom HTTP headers from session handling rules. This is especially useful for JSON Web Tokens (JWT). Basic usage, with a hard-coded value:

  1. Select the Add Custom Header tab and enter the header name and hard-coded value.

  2. Select Project Options -> Sessions

  3. Add a Session Handling rule

  4. Name it, then select Add -> Invoke a Burp extension

  5. Make sure the scope is correct. If you're just trying this out, you can use Include all URLs, but set a proper scope for regular use.

  6. Select the Add Custom Header option from the list in the following screen.

The Add Custom Header tab has the following fields:

  • HEADER NAME (e.g. BUGS)

  • HEADER PREFIX

  • HEADER VALUE, set either as a REGULAR EXPRESSION or as a HARD-CODED VALUE

Example of a hard-coded header value, used to identify testing traffic to a program:

User-Agent: HackerOne VDP [EXODUSSEC]
