ProtoBurp++: Elevating Protobuf Security Research

A game-changer in cybersecurity tooling, designed to take Protobuf fuzzing and encoding in Burp Suite to new heights. Dive in to explore its enhanced capabilities and features, setting a new benchmark in security research. This is an updated version of ProtoBurp by Dillon Franke, with enhanced features and capabilities. We called this version ProtoBurp++ to distinguish the tool …

ReconAIzer – Enhancing Burp Suite With OpenAI

ReconAIzer is a powerful Jython extension for Burp Suite that leverages OpenAI to help bug bounty hunters optimize their recon process. This extension automates various tasks, making it easier and faster for security researchers to identify and exploit vulnerabilities. Once installed, ReconAIzer add a contextual menu and a dedicated tab to see the results: Prerequisites …

Turbo Intruder : A Burp Suite Extension For Sending Large Numbers

Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. It’s intended to complement Burp Intruder by handling attacks that require exceptional speed, duration, or complexity. The following features set it apart: Fast – Turbo Intruder uses a HTTP stack hand-coded from scratch with speed in mind. …

AuthMatrix : A Burp Suite Extension That Provides A Simple Way To Test Authorization

AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services. With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application upfront. These tables are structured in a similar format to that of an access control matrix …

Progress Burp : Burp Suite Extension To Track Vulnerability Assessment Progress

Progress Burp Suite extension to track vulnerability assessment progress. Features Capture items (unique requests) from the Burp Suite tools (Proxy, Repeater, Target). Request unique key is defined as follows: target (host, port, protocol), path and method. Items have following editable properties: comment status (Blocked, Done, Ignored, In progress, New, Postponed) tags Items can be filtered …

Burp Suite Extension For Generate A Random User Agents

A Burp Suite extension to help pentesters to generate a random user-agent. This extension has been developed by M’hamed (@m4ll0k) Outaadi. Installation Download a jar file in release or compile the java code: $ git clone https://github.com/m4ll0k/BurpSuite-Random_UserAgent.git random-useragents $ cd random-useragents/src/main/java $ javac burp/*.java $ jar cf random-useragents.jar burp/*.class Also Read – InjuredAndroid : A …

Asset Discover : Burp Suite Extension to Discover Assets From HTTP Response

Asset Discover is a tool for burp suite extension to discover assets from HTTP response using passive scanning. The outcome of any security assessment program, be it vulnerability assessment, penetration test or red team is limited by it’s scope. We cannot remediate the risks associated with a particular resource, which is not part of the …

Http Request Smuggler : Extension For Burp Suite

This is an extension for Burp Suite designed to help you launch HTTP Request Smuggler attacks, originally created during HTTP Desync Attacks research. It supports scanning for Request Smuggling vulnerabilities, and also aids exploitation by handling cumbersome offset-tweaking for you. Install Http Request Smuggler The easiest way to install this is in Burp Suite, via Extender -> BApp Store. …

GatherContacts – A Burp Suite Extension To Pull Employee Names From Google & Bing LinkedIn Search Results

GatherContacts is a Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results. As part of reconnaissance when performing a penetration test, it is often useful to gather employee names that can then be massaged into email addresses and usernames. The usernames may come in handy for performing a password spraying …

Burp Extensions – Burp Suite Extensions For The New Burp Suite API v1.5+

Burp Extensions collection of extensions for the new Burp Suite API (v1.5+) using Submodules for easy collection and updating. If you want to add a new module to the collection just send a Pull request or create an Issue. If you want your collection removed create an Issue. The following command should pull down the …