Some of the best Burp extensions - as chosen by you
2021-05-28 00:30:11 Author: portswigger.net(查看原文) 阅读量:159 收藏

Best Burp Suite extensions

As we mentioned in our recent blog post on good resources for new Burp Suite Professional users, the BApp Store is one of the largest repositories of community-created user content you're likely to find anywhere. So when we spotted a tweet from HackerOne's @NahamSec (Ben Sadeghipour), asking the Burp Suite community for recommendations on their favorite Burp extensions, we knew it was going to be good.

In short, here's what we learned …

Here are five of your favorite BApps:

1. Autorize

BApp Store link: Autorize.
One Burp extension that kept cropping up here was Autorize, by Barak Tawily. Autorize helps you to test for authentication vulnerabilities, and can save you a lot of time in doing this.

2. Turbo Intruder

BApp Store link: Turbo Intruder.
Turbo Intruder, by PortSwigger Research's James Kettle was another popular entry. Turbo Intruder enables automated attacks even where extreme speed or complexity is required.

3. Hackvertor

BApp Store link: Hackvertor.
Another popular Burp extension - this time by PortSwigger researcher Gareth Heyes - is Hackvertor. Hackvertor is a tag-based conversion tool that supports numerous escapes and encodings.

4. Burp Bounty

BApp Store link: Burp Bounty.
Written by Eduardo Garcia, Burp Bounty helps Burp Suite Professional users to quickly and easily build their own scan checks for use with Burp Scanner.

5. Param Miner

BApp Store link: Param Miner.
Finally, another BApp that kept cropping up was Param Miner (again, by James Kettle). Built to identify hidden, unlinked parameters, Param Miner is very useful when hunting for web cache poisoning vulnerabilities.

Have your say

It's always great to hear how other members of the community are using Burp Suite - and it's brilliant to see so many of you putting its extensibility features to good use. But the five Burp extensions in this post are by no means the limit of what's available in the BApp Store - this is just the tip of the iceberg.

If there are BApps you find especially useful, then we'd love to hear about them. Let us know over on Twitter, using #BurpSuiteTips - and give @PortSwigger a follow, if you haven't already. Finally, for updates on all the latest Burp extensions, don't forget to follow @BApp_Store.


文章来源: https://portswigger.net/blog/some-of-the-best-burp-extensions-as-chosen-by-you
如有侵权请联系:admin#unsafe.sh