Burp Suite Professional BChecks developed both by PortSwigger and the community. In the realm of cybersecurity and web application testing, Burp Suite Professional stands as a formidable tool.

Within its arsenal, the BChecks extension emerges as a potent ally, combining the expertise of PortSwigger and the vibrant contributions of the community.

This comprehensive guide dives deep into the world of BChecks, shedding light on its features, documentation, and a plethora of practical examples.

Join us on a journey to unlock the full potential of Burp Suite’s BChecks for enhanced security testing and vulnerability analysis.

Documentation And Blogs

If you click the Icon in the top right of the BChecks sub tab in the Extensions tab you will be linked to the documentation.

Online documentation can be found here

BChecks: Houston, we have a solution! (blog)

Burp Suite Short (video)

Community Submissions

Please issue a pull request and follow the process outlined here

The BChecks

Examples

Example BChecks to help you get started covering

  • Blind SSRF via out-of-band detection
  • Exposed git directory
  • Leaked AWS Tokens
  • Log4Shell via out-of-band detection
  • Server Side Prototype Pollution
  • Suspicious Input Transformation

/examples

Vulnerabilities CVEd

BChecks for specific vulnerabilities which have a CVE

/vulnerabilities-CVEd

Vulnerability Classes

BChecks for specific vulnerability classes as opposed to discrete vulnerabilities.

/vulnerability-classes

Other

Other BChecks doing all the wonderful things which we didn’t imagine

/other

LEAVE A REPLY

Please enter your comment!
Please enter your name here