Cyber security

BChecks : Unlocking The Power Of Burp Suite Professional – A Comprehensive Guide

Burp Suite Professional BChecks developed both by PortSwigger and the community. In the realm of cybersecurity and web application testing, Burp Suite Professional stands as a formidable tool.

Within its arsenal, the BChecks extension emerges as a potent ally, combining the expertise of PortSwigger and the vibrant contributions of the community.

This comprehensive guide dives deep into the world of BChecks, shedding light on its features, documentation, and a plethora of practical examples.

Join us on a journey to unlock the full potential of Burp Suite’s BChecks for enhanced security testing and vulnerability analysis.

Documentation And Blogs

If you click the Icon in the top right of the BChecks sub tab in the Extensions tab you will be linked to the documentation.

Online documentation can be found here

BChecks: Houston, we have a solution! (blog)

Burp Suite Short (video)

Community Submissions

Please issue a pull request and follow the process outlined here

The BChecks

Examples

Example BChecks to help you get started covering

  • Blind SSRF via out-of-band detection
  • Exposed git directory
  • Leaked AWS Tokens
  • Log4Shell via out-of-band detection
  • Server Side Prototype Pollution
  • Suspicious Input Transformation

/examples

Vulnerabilities CVEd

BChecks for specific vulnerabilities which have a CVE

/vulnerabilities-CVEd

Vulnerability Classes

BChecks for specific vulnerability classes as opposed to discrete vulnerabilities.

/vulnerability-classes

Other

Other BChecks doing all the wonderful things which we didn’t imagine

/other

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

SeamlessPass: Using Kerberos Tickets to Access Microsoft 365

SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…

8 hours ago

PPLBlade: Advanced Memory Dumping and Obfuscation Tool

PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…

12 hours ago

HikPwn : Simple Scanner For Hikvision Devices With Basic Vulnerability Scanning

HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…

1 day ago

Comments in Bash Scripts

What Are Bash Comments? Comments in Bash scripts, are notes in your code that the…

6 days ago

Shebang (#!) in Bash Script

When you write a Bash script in Linux, you want it to run correctly every…

1 week ago

Bash String Concatenation – Bash Scripting

Introduction If you’re new to Bash scripting, one of the first skills you’ll need is…

1 week ago