
Top 30 Best Burpsuite Extensions used by Hackers and Pentesters

Burp Suite is one of the most widely used tools among pen testers and bug bounty hunters, and it dominates the field when it comes to web penetration testing and security assessments. One of its greatest strengths is its extensibility through free plugins, which testers can use to broaden their coverage. We will take a look at 30 of the best Burp Suite extensions.

What is Burp Suite?

“Burp,” as it is commonly known, is a proxy-based tool designed by PortSwigger for evaluating the security of web applications. It sits between the browser and the server, intercepting web requests and responses so they can be read and edited in real time before they reach their respective destinations.

Features and Advantages –

  • Intercept everything your browser sees.
  • Work with WebSockets.
  • Install Extensions.
  • Faster brute-forcing and fuzzing.
  • Query automated attack results.
  • Scan as you browse.
  • Automatically modify HTTP messages.
  • Construct CSRF exploits.
  • Manage recon data.
  • Automated scanning.

Top 30 Best Burpsuite Extensions used by Hackers and Pentesters


Here we look at 30 of the best Burp Suite extensions used by hackers, bug bounty hunters and pentesters.

1. JSON Web Tokens

JSON Web Tokens is a powerful extension that helps detect and exploit vulnerabilities related to JWTs. It decodes and manipulates JSON web tokens on the fly, checks their validity and automates common attacks.

Its capabilities include:

  • Automatic recognition
  • JWT Editor
  • Resigning of JWTs
  • Signature checks
  • Automated attacks available such as “Alg None” & “CVE-2018-0114”
  • Validity checks and support for ‘expires’, ‘not before’, ‘issued at’ fields in the payload
  • Automatic tests for security flags in cookie transmitted JWTs

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.
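The “Alg None” and validity checks listed above are the two things a JWT consumer most often gets wrong. The following verifier is an added example written for this article (not code from the extension): it pins the algorithm to HS256, checks the HMAC with a constant-time compare, and enforces the exp, nbf and iat claims; the key and token used are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(payload: dict, key: bytes) -> str:
    """Mint an HS256 token. Used here only to construct test input."""
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


def verify_jwt(token: str, key: bytes, now=None) -> dict:
    """Return the payload if the token is valid, otherwise raise ValueError.

    The algorithm is pinned to HS256, so a token whose header claims
    "none" (or any other algorithm) is rejected before the signature is
    looked at. Time claims are checked against `now` (epoch seconds).
    """
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise ValueError(f"malformed token: {exc}") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("header and payload must be JSON objects")
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    now = int(time.time()) if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        raise ValueError("token expired")
    if "nbf" in payload and now < payload["nbf"]:
        raise ValueError("token not yet valid")
    if "iat" in payload and payload["iat"] > now:
        raise ValueError("token issued in the future")
    return payload
```

A token whose header is rewritten to alg "none" with the signature removed fails at the algorithm check, which is exactly the class of bug the extension's automated test looks for.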

2. SQLiPy Sqlmap integration

This extension lets us use the sqlmap tool from within Burp Suite to detect and exploit SQL injection vulnerabilities. There is no need to configure it: go to the extension tab and click Start API.

Once the SQLMap API is running, it is just a matter of right-clicking in the ‘Request’ sub tab of either the Target or Proxy main tabs and choosing ‘SQLiPy Scan’. This populates the SQLMap Scanner tab of the plugin with information about that request. Clicking the ‘Start Scan’ button executes the scan.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

3. Autorize

Autorize was designed to help security testers by performing automatic authorization tests.

This extension can also be used to identify authentication vulnerabilities in addition to authorization ones, for example by repeating any request without a cookie. It is sufficient to give the extension the cookies of a low-privileged user and navigate the website as a high-privileged user: the extension automatically repeats every request with the low-privileged session and detects authorization vulnerabilities.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

4. tplmap

A Burp extension for Tplmap, a server-side template injection and code injection detection and exploitation tool.

Tplmap is a powerful plugin used to detect and exploit Server-Side Template Injection (SSTI) vulnerabilities, with a number of sandbox escape techniques for reaching the underlying operating system. The plugin supports a large number of template engines across PHP, Ruby and Python, such as Jinja2 and Tornado.

Get it from here – TPLMap

Note: Make sure to import Jython into Burp Suite, as this is a Python-based tool, and install its Python dependencies (PyYAML and requests).

5. Active Scan++

ActiveScan++ is one of the most popular extensions; it widens Burp Suite’s active and passive scanning capabilities. The plugin works with Burp Scanner and adds a large number of security tests, such as Template Injection, Host Header Attacks, Blind Code Injection, Password Reset Poisoning, Cache Poisoning, DNS Rebinding, XML Injection and Arbitrary Header Injection.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

6. AWS Security Checks

The AWS Security Checks extension provides additional Scanner checks for AWS security issues. It performs the following active and passive checks.

Passive checks performed:

  • AWS secrets returned in response

Active checks performed:

  • S3 buckets in use
  • S3 buckets unauth read
  • S3 buckets unauth write
  • S3 buckets authed read (requires AWS SDK)
  • S3 buckets authed write (requires AWS SDK)
  • AWS secrets accessible via meta-data

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

7. BurpJS Link Finder

While doing penetration testing or bug hunting, detecting hidden endpoints manually is challenging, so an automated way of extracting endpoints from JavaScript files is needed. This Burp extension passively scans JavaScript files for endpoint links.

Features

  • Find endpoint links
  • Export results to a text file
  • Exclude specific ‘js’ files e.g. jquery, google-analytics

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

8. Backslash Powered Scanner

This extension complements Burp’s active scanner by using a novel approach capable of finding and confirming both known and unknown classes of server-side injection vulnerabilities. Evolved from classic manual techniques, this approach reaps many of the benefits of manual testing including casual WAF evasion, a tiny network footprint, and flexibility in the face of input filtering.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

9. Reflector

Reflector is a plugin that helps find cross-site scripting bugs on pages in real time while browsing the site.

Some features of the plugin are:

  • Highlighting of reflection in the response tab.
  • Test which symbols are allowed in this reflection.
  • Analysis of the reflection context.
  • Content-Type whitelist.

Get it from here – the plugin is available on GitHub and can be downloaded via the link.

10. BurpJS Miner

This extension tries to find interesting stuff inside static files; mainly JavaScript and JSON files. This tool tries to help with this “initial” recon phase, which should be followed by manual review/analysis of the reported issues.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

11. HTTP Request Smuggler

Manually discovering HTTP request smuggling during bug hunting or pen testing is a challenging task, so this extension can be used to automate finding and exploiting the vulnerability. It was written by James Kettle during the HTTP Desync Attacks research and is designed to help you launch HTTP Request Smuggling attacks: it supports scanning for request smuggling vulnerabilities and also aids their exploitation.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

12. BurpBounty

BurpBounty is a Burp Suite extension that lets you quickly and simply improve the active and passive scanners with personalised rules through a very intuitive graphical interface. Through advanced pattern searching and tuning of the payloads to send, you can create your own issue profiles for both the active and the passive scanner.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

13. Burp AEM Security Scanner

Burp AEM Security Scanner is an AEM-focused plugin that supports the evaluation of well-known misconfigurations in AEM installations. It verifies a number of topics from Adobe’s security checklist and evaluates typical AEM and Dispatcher misconfigurations.


14. Turbo Intruder

Turbo Intruder is a Burp Suite extension built by James Kettle for sending enormous quantities of HTTP requests and analysing the results. It is intended to complement Burp Intruder by handling attacks that require exceptional speed, duration, or complexity. The following features set it apart:

  • High Speed – Turbo Intruder uses a HTTP stack hand-coded from scratch with speed in mind. As a result, on many targets it can seriously outpace even fashionable asynchronous Go scripts.
  • Low Memory Consumption – Turbo Intruder can achieve flat memory usage, enabling reliable multi-day attacks.
  • Flexible – Attacks can be configured using Python. This enables handling of complex requirements such as signed requests and multi-step attack sequences.
  • Convenient – Boring results can be automatically filtered out by an advanced diffing algorithm adapted from Backslash Powered Scanner. This means you can launch an attack and obtain useful results in two clicks.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

15. Param Miner

This extension identifies hidden, unlinked parameters. It is particularly useful for finding web cache poisoning vulnerabilities. Param Miner uses a binary search technique to guess up to 65,000 parameter names per request, with names drawn from a customised built-in wordlist. The following features set it apart –

  • High Speed – Launch guessing attacks on hundreds or thousands of selected requests at the same time.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.
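The binary search described above is classic group testing: send many names in one request, and only bisect the batches whose response differs from the baseline. The following is an added illustration of that algorithm written for this article, not Param Miner's own code; the probe is a constructed stand-in that answers from a fixed set of “hidden” names instead of sending HTTP requests.

```python
from typing import Iterable, List, Set


class SimulatedProbe:
    """Stand-in for one request: returns True when any name in the batch
    changes the response. `hidden` is the constructed set of parameter
    names the application actually reads; a real probe would diff the
    response against a baseline instead."""

    def __init__(self, hidden: Set[str]):
        self.hidden = hidden
        self.calls = 0  # number of "requests" sent

    def __call__(self, batch: List[str]) -> bool:
        self.calls += 1
        return any(name in self.hidden for name in batch)


def find_params(candidates: Iterable[str], probe, max_batch: int = 65000) -> List[str]:
    """Group-testing search for unlinked parameters.

    Every candidate name is sent in a large batch; only batches that react
    are split in half and re-probed, so k hidden names among n candidates
    cost roughly k * log2(n) requests rather than n.
    """
    names = list(dict.fromkeys(candidates))  # de-duplicate, keep order
    found: List[str] = []
    stack = [names[i:i + max_batch] for i in range(0, len(names), max_batch)]
    while stack:
        batch = stack.pop()
        if not probe(batch):
            continue  # nothing in this batch matters, discard it whole
        if len(batch) == 1:
            found.append(batch[0])
            continue
        mid = len(batch) // 2
        stack.append(batch[:mid])
        stack.append(batch[mid:])
    return sorted(found)


def demo() -> tuple:
    """Run the search over a constructed 1,002-name wordlist and report
    the names found and how many probe requests it took."""
    wordlist = [f"param{i}" for i in range(1000)] + ["debug", "x_forwarded_host"]
    probe = SimulatedProbe({"debug", "x_forwarded_host"})
    found = find_params(wordlist, probe)
    return found, probe.calls
```

Real responses are noisy, which is why the extension re-probes and diffs rather than trusting a single differing response; the simulated oracle here is deterministic.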

16. JSON Beautifier

This is a Burp Extension for beautifying JSON output.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

17. J2EEScan

J2EEScan is a Burp extension designed to detect flaws in J2EE applications. Its goal is to improve test coverage during web application penetration tests of J2EE applications. The plugin ships more than 80 unique security test cases and new strategies for discovering different kinds of J2EE vulnerabilities.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

18. Flow

This extension provides a Proxy history-like view along with search filter capabilities for all Burp tools. Requests without responses received are also shown and they are later updated as soon as response is received. This might be helpful to troubleshoot e.g. scanning issues.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

19. Logger++

Logger++ is a multithreaded logging extension and one of the most useful extensions for Burp Suite. It logs all requests and responses from every Burp Suite tool, and the entries can later be narrowed down with advanced filters so that only matching ones are shown. Features of Logger++:

  • Grep through logs.
  • Logs all the tools that are sending requests and receiving responses.
  • Output the result in CSV format.
  • Advanced Filters can be created to display only requests matching a specific string or regex pattern.
  • Row highlighting to make interesting requests more clear & visible.
  • Live requests and responses.
  • Multithreaded.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

20. 403 bypasser

The 403 bypasser extension becomes useful when we come across restricted endpoints. Its main goal is to bypass a 403-restricted directory by applying various test cases.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

21. GraphQL Raider

GraphQL Raider is a useful Burp Suite extension for testing endpoints or web applications that implement GraphQL. While intercepting or resending, you can manipulate the GraphQL query and variables inside the gql tab and the message will be sent correctly.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

22. SAML Raider

SAML Raider is a Burp Suite extension for testing SAML infrastructures. It supports two core functions: manipulating SAML messages and managing X.509 certificates.

Features of the SAML Raider message editor:

  • Sign SAML messages & assertions (signature spoofing attack)
  • Remove signatures (signature exclusion attack)
  • Edit SAML messages (SAMLRequest, SAMLResponse & custom parameter names)
  • Perform eight common XSW attacks
  • Insert XXE and XSLT attack payloads
  • Supported Profiles: SAML Webbrowser Single Sign-on Profile, Web Services Security SAML Token Profile
  • Supported Bindings: POST Binding, Redirect Binding, SOAP Binding, URI Binding

Features of the SAML Raider Certificate Management:

  • Import X.509 certificates (PEM and DER format) and chains
  • Export X.509 certificates (PEM format)
  • Delete imported X.509 certificates
  • Display information about X.509 certificates
  • Import private keys (PKCS#8 in DER format and traditional RSA in PEM format)
  • Export private keys (traditional RSA key, PEM format)
  • Clone X.509 certificates and chains
  • Create new X.509 certificates
  • Edit and self-sign existing X.509 certificates

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

23. Reflected Parameters

The Reflected Parameters extension detects strings in request parameters that are reflected in the response, which is useful for finding XSS flaws.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

24. CSRF Scanner

CSRF Scanner extension is used for finding CSRF (cross site request forgery) vulnerabilities.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

25. Upload Scanner

This extension tests the functionality of a file upload feature and can save you a lot of time. It uploads a number of different file types laced with different forms of payload, and can test for vulnerabilities including server-side request forgery (SSRF) and XML external entity (XXE) injection using common file types such as JPEG, PDF and MP4 as vectors.

There are several main features:

  1. Metadata modification technique with embedded exiftool
  2. Multiple injection processes with PHP, JSP, ASP, XXE, SSRF, XSS and SSI payloads.
  3. Modification of file size, file extensions and content.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

26. Bypass WAF

Bypass WAF is a useful extension that helps evade WAFs by adding headers to all Burp requests. The following headers are automatically added to every request; the values can be modified from the extension tab:

  • X-Originating-IP: 127.0.0.1
  • X-Forwarded-For: 127.0.0.1
  • X-Remote-IP: 127.0.0.1
  • X-Remote-Addr: 127.0.0.1
  • X-Client-IP: 127.0.0.1

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

27. RetireJS

The RetireJS extension integrates Burp Suite with the Retire.js repository to find vulnerable JavaScript libraries. It passively looks at the JavaScript files loaded and identifies vulnerable ones based on various signature types (URL, filename, file content or specific hash).


You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

28. Content Type Converter

Content Type Converter is a Burp extension used to convert XML to JSON, JSON to XML, x-www-form-urlencoded to XML, and x-www-form-urlencoded to JSON etc.

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.

29. Hackvertor

Hackvertor is a tag-based conversion tool written in Java that supports various escapes and encodings, including HTML5 entities, hex, octal, Unicode and URL encoding. It has the following features –

  • It uses XML-like tags to specify the type of encoding/conversion used.
  • You can use multiple nested tags to perform conversions.
  • Tags can also have arguments allowing them to behave like functions.
  • It has an auto decode feature allowing it to guess the type of conversion required and automatically decode it multiple times.
  • Multiple tabs
  • Character set conversion

You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.
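To make the nested-tag and auto-decode ideas above concrete, here is a small tag-based converter added for this article. It is not Hackvertor's code and its tag names and `<@name>…<@/name>` syntax are a constructed approximation; innermost tags are resolved first, a tag with an argument (`repeat(n)`) acts like a function, and `auto_decode` guesses URL, hex and base64 layers and peels them until the value stops changing.

```python
import base64
import html
import re
import urllib.parse

# One innermost tag: <@name> or <@name(arg,...)>, a body containing no nested
# "<@", then the matching <@/name>. Resolving innermost tags first gives
# inside-out evaluation: <@hex><@base64>x<@/base64><@/hex> hex-encodes the base64.
TAG_RE = re.compile(r"<@(\w+)(?:\(([^)]*)\))?>((?:(?!<@)[\s\S])*?)<@/\1>")

# Tag name -> function(body, args). Constructed tag set, not Hackvertor's own.
TAGS = {
    "base64": lambda s, a: base64.b64encode(s.encode()).decode(),
    "hex": lambda s, a: s.encode().hex(),
    "urlencode": lambda s, a: urllib.parse.quote(s, safe=""),
    "html_entities": lambda s, a: html.escape(s, quote=True),
    "upper": lambda s, a: s.upper(),
    "repeat": lambda s, a: s * int(a[0]),  # e.g. <@repeat(3)>A<@/repeat>
}


def convert(template: str) -> str:
    """Evaluate all tags in `template` from the innermost outwards."""
    while True:
        match = TAG_RE.search(template)
        if match is None:
            return template  # no complete tags left
        name, raw_args, body = match.groups()
        if name not in TAGS:
            raise ValueError(f"unknown tag <@{name}>")
        args = [a.strip() for a in raw_args.split(",")] if raw_args else []
        template = template[:match.start()] + TAGS[name](body, args) + template[match.end():]


def auto_decode(value: str, max_layers: int = 8) -> str:
    """Guess and peel URL, hex and base64 layers until nothing recognisable remains."""
    for _ in range(max_layers):
        if "%" in value and urllib.parse.unquote(value) != value:
            value = urllib.parse.unquote(value)
            continue
        raw = None
        if len(value) % 2 == 0 and re.fullmatch(r"[0-9a-fA-F]+", value):
            raw = bytes.fromhex(value)
        elif len(value) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", value):
            raw = base64.b64decode(value)
        try:
            text = raw.decode() if raw is not None else None
        except UnicodeDecodeError:
            text = None
        if text is None or not text.isprintable():
            return value  # not a layer we recognise; stop here
        value = text
    return value
```

Auto-decoding is a heuristic: a short plain word that happens to be valid hex or base64 is only accepted as a layer if it decodes to printable text, which is why the function stops rather than guessing further.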

30. SSL Scanner

SSL Scanner enables Burp Suite to detect SSL/TLS-related flaws. It can detect the following vulnerabilities –

  • SSLv2 and SSLv3 connectivity
  • Heartbleed
  • CCS Injection
  • TLS_FALLBACK_SCSV support
  • POODLE (SSLv3)
  • Sweet32
  • DROWN
  • FREAK
  • LUCKY13
  • CRIME (TLS Compression)
  • BEAST
  • Check for weak ciphers
  • BREACH
  • Logjam


You can install this plugin directly within Burp, via the BApp Store feature in the Burp Extender tool.


Akshay Sharma

Inner Cosmos
