In this Burp Suite tutorial, we describe in detail the Burp Suite tool and its features, which are bundled in a single suite made for web application security assessment as well as penetration testing. It’s a Java executable and hence it’s cross-platform. Kali Linux comes with Burp Suite free edition installed. There is …
Tag Archives: burpsuite
Nuclei-Burp-Plugin : Nuclei Plugin For BurpSuite
Nuclei-Burp-Plugin is a BurpSuite plugin intended to help with nuclei template generation. Features: Template matcher generation: Word and Binary matcher creation using selected response snippets from Proxy history or Repeater contexts; multi-line selections are split to separate words for readability; Binary matchers are created for selections containing non-ASCII characters; the part field is auto-set based on whether the selection was in the request header or body. Every generated template …
Burpsuite : Copy As XMLHttpRequest Extension
The extension adds a context menu to BurpSuite that allows you to copy multiple requests as JavaScript’s XMLHttpRequest, which simplifies PoC development when exploiting XSS. Installation: download the latest JAR from releases or build manually; add the JAR to BurpSuite using the tabs “Extender” -> “Extensions” -> “Add”. Usage: select one request from any tab or a …
BurpSuite : Secret Finder Extension To Discover APIkeys/Tokens From HTTP Response
SecretFinder is a Burp Suite extension to discover API keys/tokens from HTTP responses. Install: download SecretFinder with wget https://raw.githubusercontent.com/m4ll0k/BurpSuite-Secret_Finder/master/SecretFinder.py or git clone https://github.com/m4ll0k/BurpSuite-Secret_Finder.git, then open Burp > Extender > Extensions > Add, set the extension type to Python and select the file (SecretFinder.py). Requirements: jython, burpsuite.
Custom Header : Automatic Add New Header To Entire BurpSuite HTTP Requests
Custom Header is a Burp Suite extension that lets you add a new header to BurpSuite HTTP requests (Scanner, Intruder, Repeater, Proxy History), and you can also choose which HTTP verbs you want to customize. Usage: Easy to use! 🙂 Don’t forget to click the save button! …
BurpSuite Extension Ruby : Template to speed up building a Burp Extension using Ruby
Due to the lack of examples and implementations of BurpSuite Extension Ruby, we have decided to make it easy for all Rubyists to have a confident and quick start building useful extensions for the InfoSec community. This repository is a collection of templates of Burp Suite Extensions, focusing on Burp Suite API functionalities and simplifying Java …
Burpsuite Extensions – A collection of Burp Suite extensions
A collection of BurpSuite extensions. gunziper: a plugin for BurpSuite (https://portswigger.net/burp/) which enables you to “unpack” requests/responses (e.g. do a base64 decode and afterwards a Java deserialisation). Deserialisation is done with xstream (http://x-stream.github.io/index.html) and kxml2 (https://sourceforge.net/projects/kxml/files/kxml2/2.3.0/). It also offers the possibility to gather e.g. a CSRF token from responses and automatically insert it in any request …
GatherContacts – A Burp Suite Extension To Pull Employee Names From Google & Bing LinkedIn Search Results
GatherContacts is a Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results. As part of reconnaissance when performing a penetration test, it is often useful to gather employee names that can then be massaged into email addresses and usernames. The usernames may come in handy for performing a password spraying …
PwnBack – Burp Extender Plugin That Generates A Sitemap Of A Website Using Wayback Machine
PwnBack requires PhantomJS to run. To understand why it is currently required, see the section PhantomJS. The plugin has several settings that a user can define depending on their hardware setup. PhantomJS WebDrivers: the number of Firefox headless browsers to open. Be mindful of Burp Suite’s memory settings. HTTP Response Parsers: these are responsible for …
Headless Burp – Automate security tests using Burp Suite
Headless Burp provides an extension to Burp that allows you to run Burp Suite’s Spider and Scanner tools in headless mode via the command line. However, it can do more! It can produce a JUnit-like report, which in turn could instruct the CI server to mark the build as “failed” whenever any vulnerabilities are found. You …