Burp Plugins

ActiveScan++ extends Burp Suite's active and passive scanning capabilities.

A Burp Extender plugin that takes deserialized AMF objects and encodes them in XML using the XStream library.

A Burp Extension to test applications for vulnerability to the Web Cache Deception attack

BurpSuite extension to identify and test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues using the boto/boto3 SDK library

Burp plugin to help bug hunters identify parameters that may be vulnerable to reflected XSS attacks

Burp plugin to test for authorization flaws

An HMAC authentication header plugin for Burp Proxy, written in Python.

XSS Hunter Burp Plugin

Burp Suite plugin that deserializes Java objects and converts them to an XML format. It also unpacks gzip responses. Based on omercnet's BurpJDSer-ng.

Burp Notes Extension is a plugin for Burp Suite that adds a Notes tab. The tool aims to better organize external files that are created during penetration testing.

OAuth plugin for Burp Suite Extender

This repository contains:

  • Base32Decode
  • assassin
  • dictionary_generator
  • unicode_decode
  • bing_search

ysoserial integration with Burp Suite

Creates a CSRF PoC in a jiffy

Tool to convert the Java Interface definitions into Python definitions to make PyCharm (etc) a little quieter.

A Burp Plugin for Detecting Weaknesses in Content Security Policies

The Deflate Burp Plugin is a plug-in for Burp Proxy (it implements the IBurpExtender interface) that decompresses HTTP response content in the ZLIB (RFC1950) and DEFLATE (RFC1951) compression formats.

Integration plugin for stamparm's DSXS scanner

Helps find weak CSRF protection in web applications that can be easily bypassed

Plugin Collection for BURP related to black-box pentesting

Burp Suite plugin identifies insertion points for GWT (Google Web Toolkit) requests

Burp Suite plugin created for using Collaborator tool during manual testing

HeaderScan is a Burp Pro plugin that extends the scope of an automated web scan with some very promising entry points.

Provides a suite of Burp extensions and a maven plugin to automate security tests using BurpSuite.

Jython binding for Burp to facilitate realtime traffic analysis and modification using simple plugins.

ZAP/Burp plugin that generates a script to reproduce a specific HTTP request (intended for fuzzing or scripted attacks).

BurpSuite plugin for decoding IBM WebSphere Portlet States.

Scan for GPS location exposure in images with this Burp & ZAP plugin.

Image size issues plugin for Burp Suite.

Burp and ZAP plugin that displays image metadata (JPEG Exif or PNG text chunk).

J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.

All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities.

A Burp Extender plugin that deserializes Java objects and encodes them in XML using the XStream library.

This plugin provides a JSON tab with beautified representation of the request/response.

JSON Array issues plugin for Burp Suite.

A plugin for Burp Suite Pro to work with attacker payloads and automatically generate check digits for credit card numbers and similar numbers that end with a check digit generated using the Luhn algorithm or formula (also known as the "modulus 10" or "mod 10" algorithm).

A Burp plugin written in Python to check for email content injection vulnerabilities.

A Burp plugin to aid in the detection of scripts being loaded from over 3200 malicious cryptocurrency mining domains (cryptojacking).

A multi-tabbed encoder/decoder plugin.

Searches for parameters that are reflected back to make searching for reflected XSS just a bit easier/faster.

Burp Extender plugin that generates a sitemap of a website using Wayback Machine

Jython Plugins and Plugins Manager for Burp.

Copy as requests plugin for Burp Suite. Copies selected request(s) as Python requests invocation.

Plugin for manipulating requests in PortSwigger Burp Suite Pro v1.5+.

Static analyzer for JavaScript aiming for security bugs. (ZAP/Burp plugin)

Plugin for Burp to allow viewing and editing of intercepted SAML messages.

GUI Burp Plugin to ease discovering of security holes in web applications.

Burp plugin that helps find privilege escalation vulnerabilities.

Burp plugin to turn requests into sqlmap commands.

SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.

WebSphere Portlet State Decoder plugin for Burp.

A Burp Extender plugin that makes binary SOAP objects readable and modifiable.

WSDL Wizard is a Burp Suite plugin written in Python to detect current and discover new WSDL (Web Service Definition Language) files.

Burp Intruder extender designed for automation and validation of XSS vulnerabilities.

Misc

Integris Security Carbonator - The Burp Suite Pro extension that automates scope, spider & scan from the command line. Carbonator helps automate the vulnerability scanning of web applications. Either 1 or 100 web applications can be scanned by issuing a single command. Carbonator is now available from within Burp Suite Pro through the BApp Store.

Burp Suite plugin for the Dradis Framework http://dradisframework.org

Hiccup is a framework that allows the Burp Suite (a web application security testing tool, http://portswigger.net/burp/) to be extended and customized, through the interface provided by Burp Extender (http://portswigger.net/burp/extender/). Its aim is to allow for the development and integration of custom testing functionality into the Burp tool using Python request/response handler plugins.