awesome-burp-extensions

A Burp Suite extension made to automate the process of bypassing 403 pages.

This extension overrides Burp Suite's default HTTP and TLS stack to make it immune to WAF fingerprinting methods such as JA3, HTTP2 frames, etc.

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques.

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques.

Add headers to all Burp requests to bypass some WAF products.

This entension use a Transfer-Encoding technology to bypass the waf.

An burpsuite extension to bypass 403 restricted directory.

ActiveScan++ extends Burp Suite's active and passive scanning capabilities.

Modified version of ActiveScan++ Burp Suite extension.

Collection of scanner checks missing in Burp.

Finds unknown classes of injection vulnerabilities.

Blinks is a powerful Burp Suite extension that automates active scanning with Burp Suite Pro and enhances its functionality. With the integration of webhooks, this tool sends real-time updates whenever a new issue is identified, directly to your preferred endpoint.

5GC API parse is a BurpSuite extension allowing to assess 5G core network functions, by parsing the OpenAPI 3.0 not supported by previous OpenAPI extension in Burp, and generating requests for intrusion tests purposes.

Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.

Burp Suite extension for parsing Swagger web service definition files.

BurpWCFDSer is a Burp plugin that will deserialze/serialize WCF request and response to and from XML.

This extension calculate a valid WS security token for every request (In Proxy, Scanner, Intruder, Repeater, Sequencer, Extender), and replace variables in theses requests by the valid token.

Burp extension to convert XML to JSON, JSON to XML, x-www-form-urlencoded to XML, and x-www-form-urlencoded to JSON.

A Burp Suite extension to add a custom header (e.g. JWT).

Burp Suite extension for saving previously loaded assets .

a Burp Suite extension that integrates Burp issues logging, with OWASP Web Security Testing Guide (WSTG), to provide a streamlined web security testing flow for the modern-day penetration tester

This extension can be used to generate multiple scan reports by host with just a few clicks.

BCheck Helper makes finding and importing BChecks scripts into Burp easier by loading them from either a remote GitHub or local Git repository.

Simple Burp extension to drop blacklisted hosts.

EasyCSRF helps to find weak CSRF-protection in WebApp which can be easily bypassed.

This Burp extension lets you add a request to an existing macro.

A burp suite extension that enumerates infrastructure and application Admin Interfaces (OWASP OTG-CONFIG-005)

The extension works by registering a new session handling rule called "Anti-CSRF token from referer".

it is used to identify argument injection vulnerabilities, like

This Burp Extension helps you to find authorization bugs by repeating Proxy requests with self defined headers and tokens.

Add to sitemap++ is a BURP extension that can read URLs from files or clipboard and add the discovered information on the site map of the selected host(s).

Burp Suite extension to discover assets from HTTP response using passive scanning.

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters.

A extension of Burp suite. The cookie set by the BipIP server may include a private IP, which is an extension to detect that IP

This extension integrates Crawljax, Selenium and JUnit together. The intent of this extension is to aid web application security testing, increase web application crawling capability and speed-up complex test-cases execution.

Burp Extension to add context menus for configuration of the Add to TLS Pass Through setting

Burp Extension to manipulate AES encrypted payloads.

Burp plugin to decrypt AES Encrypted traffic of mobile apps on the fly.

Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).

This extension allows custom scan issues to be added and tracked within Burp.

This extension allows custom scan issues to be added and tracked within Burp.

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters.

This extension allows you to automatically Drop requests that match a certain regex. Helpful in case the target has logging or tracking services enabled.

A burp suite extension that reviews backup, old, temporary, and unreferenced files on the webserver for sensitive information.

Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite.