Burpsuite Extensions – A collection of Burp Suite extensions

A collection of BurpSuite extensions.

Burpsuite Extensions gunziper

A plugin for the burpsuite (https://portswigger.net/burp/) which enables you to

  • “unpack” requests/responses (e.g. do an base64decode and afterwards a java deserialisation)
  • the possibility to gather e.g. a CSRF token from responses and automatically insert it in any request (without the need to do an extra request with burps macro functionality)
  • half automatically compare hundreds/thousands of responses for differences
    • Imagine you used intruder to test 10 GET parameters with payloads, and the application simply reflects the whole URL somewhere in the response. Of course, there might be XSS, but what about other vulnerabilities like SQL, XXE, … Sorting for the response size will not trivially point to relevant requests, so intruder comparer comes into play. With it, you can define a regex which strips parts of the response (e.g. the reflected URL) and then iterates over all responses and does a comparison of the last and current response, and if there are some differences, it will show a diff window similar to burp’s comparer. The libraries used for diffing are “Diff Match and Patch” (http://code.google.com/p/google-diff-match-patch) and “java-diff-utils” (http://code.google.com/p/java-diff-utils/).

Pre built jar files can be gathered from http://coding.f-block.org/

Also ReadHUNT – Burp Suite Pro/Free and OWASP ZAP Extensions

SAML ReQuest

A Burpsuite extension to test SAML authentication requests, used in many SSO implementations. It supports decoding and modification of SAML authentication requests and testing IdPs against manipulated requests. It is also integrated with Proxy, Repeater and Intruder, to make the maximum use of Burpsuite tools in testing SAML authentication requests.

R K

Recent Posts

Install Mono on Ubuntu 18.04: C# Compiler and Runtime Guide

Running programs built for Microsoft's framework on a Linux system is easier than you think. Mono is…

9 hours ago

Install OpenCV on Ubuntu 18.04: Step-by-Step Setup Guide

Computer vision technology powers many modern applications, from image editors to facial scanners. OpenCV (Open Source Computer…

10 hours ago

Install VNC on Ubuntu 18.04: Step-by-Step TigerVNC Setup

A remote desktop interface makes it easy to manage a remote computer. VNC (Virtual Network Computing) is…

10 hours ago

Install Gitea on Ubuntu 18.04: Self-Hosted Git Service Guide

Hosting your own code repositories is a great way to keep your projects private. Gitea is a…

10 hours ago

Install Java on Ubuntu 18.04: OpenJDK 11 and OpenJDK 8

Many modern programs require Java to run. From development tools like Eclipse to search systems…

10 hours ago

Configure a Static IP Address on Ubuntu 18.04: Netplan Guide

Setting a static IP address on your server is a smart move. It ensures your…

1 day ago