Burp Suite Professional BChecks developed both by PortSwigger and the community. In the realm of cybersecurity and web application testing, Burp Suite Professional stands as a formidable tool.
Within its arsenal, the BChecks extension emerges as a potent ally, combining the expertise of PortSwigger and the vibrant contributions of the community.
This comprehensive guide dives deep into the world of BChecks, shedding light on its features, documentation, and a plethora of practical examples.
Join us on a journey to unlock the full potential of Burp Suite’s BChecks for enhanced security testing and vulnerability analysis.
If you click the Icon in the top right of the BChecks sub tab in the Extensions tab you will be linked to the documentation.
Online documentation can be found here
Please issue a pull request and follow the process outlined here
Example BChecks to help you get started covering
- Blind SSRF via out-of-band detection
- Exposed git directory
- Leaked AWS Tokens
- Log4Shell via out-of-band detection
- Server Side Prototype Pollution
- Suspicious Input Transformation
BChecks for specific vulnerabilities which have a CVE
BChecks for specific vulnerability classes as opposed to discrete vulnerabilities.
Other BChecks doing all the wonderful things which we didn’t imagine