Bug Culture Wiki
Contents:
  1. Burpsuite Extensions

Burpsuite Extensions

Here are some of the Burpsuite extensions that I find myself using frequently during bug bounty and pentests:

  • Autorize (save time detecting authorization vulnerabilities)
  • jsminer (look for interesting stuff inside static files)
  • Hunt Scanner (scans for interesting parameters)
  • JWT Editor (quickly debugging JWTs)
  • Active scan++ (ehhh.. usually just for initial scans during pentests)
  • Param miner (awesome little scanner for hidden inputs)
  • turbo intruder (it's fastttt; race conditions, etc.)
  • inQL (great for testing GraphQL APIs)
  • wsdler (web services)
  • HTTP Request Smuggler (yeah)
  • 403 bypasser
  • NoSQLi
  • ClickBandit (easy clickjacking)
  • My BChecks (somewhat useful)
  • Content Type Converter (Does what it says. Useful for finding bugs that can only be found by converting the content type of a request)
  • Hackvector (converting, encoding, and transforming text or code)