Burp Suite Professional BChecks developed both by PortSwigger and the community. In the realm of cybersecurity and web application testing, Burp Suite Professional stands as a formidable tool.

Within its arsenal, the BChecks extension emerges as a potent ally, combining the expertise of PortSwigger and the vibrant contributions of the community.

This comprehensive guide dives deep into the world of BChecks, shedding light on its features, documentation, and a plethora of practical examples.

Join us on a journey to unlock the full potential of Burp Suite’s BChecks for enhanced security testing and vulnerability analysis.

Documentation And Blogs

If you click the Icon in the top right of the BChecks sub tab in the Extensions tab you will be linked to the documentation.

Online documentation can be found here

BChecks: Houston, we have a solution! (blog)

Burp Suite Short (video)

Community Submissions

Please issue a pull request and follow the process outlined here

The BChecks


Example BChecks to help you get started covering

  • Blind SSRF via out-of-band detection
  • Exposed git directory
  • Leaked AWS Tokens
  • Log4Shell via out-of-band detection
  • Server Side Prototype Pollution
  • Suspicious Input Transformation


Vulnerabilities CVEd

BChecks for specific vulnerabilities which have a CVE


Vulnerability Classes

BChecks for specific vulnerability classes as opposed to discrete vulnerabilities.



Other BChecks doing all the wonderful things which we didn’t imagine


Published by Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a comment

Your email address will not be published. Required fields are marked *