As we mentioned in our recent blog post on good resources for new Burp Suite Professional users, the BApp Store is one of the largest repositories of community-created user content you're likely to find anywhere. So when we spotted a tweet from HackerOne's @NahamSec (Ben Sadeghipour), asking the Burp Suite community for recommendations on their favorite Burp extensions, we knew it was going to be good.

In short, here's what we learned …

Here are five of your favorite BApps:

1. Autorize

BApp Store link: Autorize.
One Burp extension that kept cropping up here was Autorize, by Barak Tawily. Autorize helps you to test for authentication vulnerabilities, and can save you a lot of time in doing this.

2. Turbo Intruder

BApp Store link: Turbo Intruder.
Turbo Intruder, by PortSwigger Research's James Kettle was another popular entry. Turbo Intruder enables automated attacks even where extreme speed or complexity is required.

3. Hackvertor

BApp Store link: Hackvertor.
Another popular Burp extension - this time by PortSwigger researcher Gareth Heyes - is Hackvertor. Hackvertor is a tag-based conversion tool that supports numerous escapes and encodings.

4. Burp Bounty

BApp Store link: Burp Bounty.
Written by Eduardo Garcia, Burp Bounty helps Burp Suite Professional users to quickly and easily build their own scan checks for use with Burp Scanner.

5. Param Miner

BApp Store link: Param Miner.
Finally, another BApp that kept cropping up was Param Miner (again, by James Kettle). Built to identify hidden, unlinked parameters, Param Miner is very useful when hunting for web cache poisoning vulnerabilities.

Have your say