Burp Suite | Powerful Plugins

Burp Plugins

ActiveScan++

ActiveScan++ extends Burp Suite’s active and passive scanning capabilities.

AMFDSer-ngng

A Burp Extender plugin that takes deserialized AMF objects and encodes them in XML using the XStream library.

Airachnid-Burp-Extension

A Burp extension to test applications for vulnerability to the Web Cache Deception attack.

AWS-Extender

Burp Suite extension to identify and test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues, using the boto/boto3 SDK library.

BountyHelper

Burp plugin to help bug hunters identify parameters that may be vulnerable to reflected XSS attacks.

BurpAuthzPlugin

Burp plugin to test for authorization flaws.

BurpHMAC

An HMAC authentication header plugin for Burp Proxy, written in Python.

Burp-Hunter

XSS Hunter Burp plugin.

BurpJDSer-ng-edited

Burp Suite plugin that deserializes Java objects and converts them to an XML format. Also unpacks gzip responses. Based on BurpJDSer-ng by omercnet.

BurpNotesExtension

Burp Notes Extension is a plugin for Burp Suite that adds a Notes tab. The tool aims to better organize external files that are created during penetration testing.

Burp-OAUTH

OAuth plugin for Burp Suite Extender.

BurpPlugins

This repository contains:

  • Base32Decode
  • assassin
  • dictionary_generator
  • unicode_decode
  • bing_search

Burp-ysoserial

ysoserial integration with Burp Suite.

CSRF-PoC-plugin

Creates a CSRF PoC in a jiffy.

convertJavaToPython

Tool to convert the Java Interface definitions into Python definitions to make PyCharm (etc) a little quieter.

CSP-Bypass

A Burp plugin for detecting weaknesses in Content Security Policies.

Deflate-Burp-Plugin

The Deflate Burp Plugin is a plug-in for Burp Proxy (it implements the IBurpExtender interface) that decompresses HTTP response content in the ZLIB (RFC1950) and DEFLATE (RFC1951) compression formats.

DSXS-SQLMap-Plugin

Integration plugin for stamparm's DSXS scanner.

EasyCSRF

Helps find weak CSRF protection in web applications that can be easily bypassed.

G2Plugins

Plugin collection for Burp related to black-box pentesting.

GWT-Scan

Burp Suite plugin that identifies insertion points for GWT (Google Web Toolkit) requests.

Handy Collaborator

Burp Suite plugin created for using the Collaborator tool during manual testing.

HeaderScan

HeaderScan is a Burp Pro plugin that extends the scope of an automated web scan with some very promising entry points.

Headless-Burp

Provides a suite of Burp extensions and a Maven plugin to automate security tests using Burp Suite.

Hiccupy

Jython binding for Burp to facilitate real-time traffic analysis and modification using simple plugins.

HTTP-Script-Generator

ZAP/Burp plugin that generates a script to reproduce a specific HTTP request (intended for fuzzing or scripted attacks).

IBM-WebSphere-Portlet-Decoder

Burp Suite plugin for decoding IBM WebSphere Portlet states.

ImageLocationScanner

Scan for GPS location exposure in images with this Burp & ZAP plugin.

Image-Size

Image size issues plugin for Burp Suite.

Image-Metadata

Burp and ZAP plugin that displays image metadata (JPEG Exif or PNG text chunks).

J2EEScan

J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.

Java-Deserialization-Scanner

All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities.

JDSer-ngng

A Burp Extender plugin that deserializes Java objects and encodes them in XML using the XStream library.

JSON_Beautifier

This plugin provides a JSON tab with a beautified representation of the request/response.

JSON-Array

JSON Array issues plugin for Burp Suite.

Luhn-Payload-Processor

A plugin for Burp Suite Pro that works with attacker payloads and automatically generates check digits for credit card numbers and similar numbers that end with a check digit computed with the Luhn algorithm (also known as the "modulus 10" or "mod 10" algorithm).

MailPhisher

A Burp plugin written in Python to check for email content injection vulnerabilities.

Minesweeper

A Burp plugin to aid in the detection of scripts being loaded from over 3200 malicious cryptocurrency mining domains (cryptojacking).

MultiDEC

A multi-tabbed encoder/decoder plugin.

PassiveXssScan

Searches for parameters that are reflected back in the response, to make searching for reflected XSS a bit easier and faster.

PwnBack

Burp Extender plugin that generates a sitemap of a website using the Wayback Machine.

PyBurp

Jython Plugins and Plugins Manager for Burp.

Requests

"Copy as requests" plugin for Burp Suite. Copies the selected request(s) as a Python requests invocation.

RequestUtils

Plugin for manipulating requests in PortSwigger Burp Suite Pro v1.5+.

RhinAuditor

Static analyzer for JavaScript aimed at finding security bugs (ZAP/Burp plugin).

SAML

Plugin for Burp to allow viewing and editing of intercepted SAML messages.

Sentinel

GUI Burp plugin to ease the discovery of security holes in web applications.

SessionAuthTool

Burp plugin that helps find privilege escalation vulnerabilities.

SQLdude

Burp plugin to turn requests into sqlmap commands.

SQLiPy

SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.

WebSphere-Portlet-State-Decoder

WebSphere Portlet State Decoder plugin for Burp.

WCFDSer-ngng

A Burp Extender plugin that makes binary SOAP objects readable and modifiable.

WSDLWizard

WSDL Wizard is a Burp Suite plugin written in Python to detect existing and discover new WSDL (Web Services Description Language) files.

xssValidator

Burp Intruder extension designed for the automation and validation of XSS vulnerabilities.

Misc

carbonator

Integris Security Carbonator: the Burp Suite Pro extension that automates scope, spider and scan from the command line. Carbonator helps automate the vulnerability scanning of web applications; either 1 or 100 web applications can be scanned by issuing a single command. Carbonator is now available from within Burp Suite Pro through the BApp Store.

Dradis-Burp

Burp Suite plugin for the Dradis Framework (http://dradisframework.org).

Hiccup

Hiccup is a framework that allows the Burp Suite (a web application security testing tool, http://portswigger.net/burp/) to be extended and customized, through the interface provided by Burp Extender (http://portswigger.net/burp/extender/). Its aim is to allow for the development and integration of custom testing functionality into the Burp tool using Python request/response handler plugins.

Source: GitHub

Enjoy! :heart:
