
  •    Python

This extension does not test these parameters, but rather alerts on them so that a bug hunter can test them manually. For each class of vulnerability, Bugcrowd has identified common parameters or functions associated with that vulnerability class. We also provide curated resources in the issue description for thorough manual testing of these vulnerability classes. This extension also allows testers to send requests and responses to a Burp Suite tab called "HUNT Methodology". This tab contains a tree on the left side that is a visual representation of your testing methodology. By sending requests and responses here, testers can organize their work or attest to having done manual testing in that section of the application, or to having completed a certain methodology step.

IntruderPayloads - A collection of Burpsuite Intruder payloads, fuzz lists and file uploads

  •    PHP

A collection of Burpsuite Intruder payloads, fuzz lists and pentesting methodology. To pull down all 3rd party repos, run install.sh in the same directory as the IntruderPayloads folder. This software is free to distribute, modify and use, with the condition that credit is given to the creator (1N3@CrowdShield) and that it is not used commercially.

burp-molly-pack - Security checks pack for Burp Suite

  •    Java

Burp-molly-pack is Yandex's security checks pack for Burp. The main goal of Burp-molly-pack is to extend Burp's built-in checks. The plugin contains both active and passive security checks.

AutoRepeater - Automated HTTP Request Repeating With Burp Suite

  •    Java

AutoRepeater will only resend requests which are changed by a defined replacement. When AutoRepeater receives a request that matches the conditions set for a given tab, it first applies every defined base replacement to the request, then, for each defined replacement, copies the request with the base replacements applied and applies that replacement to the copy. Burp Suite is an intercepting HTTP proxy, and it is the de facto tool for performing web application security testing. While Burp Suite is a very useful tool, using it to perform authorization testing is often a tedious effort involving a "change request and resend" loop, which can miss vulnerabilities and slow down testing. AutoRepeater, an open source Burp Suite extension, was developed to alleviate this effort. AutoRepeater automates and streamlines web application authorization testing, and provides security researchers with an easy-to-use tool for automatically duplicating, modifying, and resending requests within Burp Suite while quickly evaluating the differences in responses.

BurpSuiteHTTPSmuggler - A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

  •    Java

A Burp Suite extension to help pentesters bypass WAFs or test their effectiveness using a number of techniques. This extension was developed by Soroush Dalili (@irsdl) from NCC Group. The initial release (v0.1) only supports the Encoding capability, which can be quite complicated to perform manually. See the references for more details.

Autorize - Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily in order to ease the work of application security people and allow them to perform automatic authorization tests

  •    Python

Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert, and Federico Dotta, a security expert at Mediaservice.net. Autorize was designed to help security testers by performing automatic authorization tests. With the latest release, Autorize also performs automatic authentication tests. The first 2 statuses are clear, so I won't elaborate on them.

Minesweeper - A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 9,200 malicious cryptocurrency mining domains (cryptojacking)

  •    Python

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 9,200 malicious cryptocurrency mining domains (cryptojacking). As this is the first build of Minesweeper, the lists are currently built from CoinBlockerLists. As the project matures, more sources will be added, as well as direct code checks. Since CoinBlockerLists updates quite frequently, code is included to let you manually update your source list from the CoinBlockerLists GitHub project.

Web-Penetration-Testing-with-Kali-Linux-Third-Edition - Web Penetration Testing with Kali Linux - Third Edition, published by Packt

  •    HTML

This is the code repository for Web Penetration Testing with Kali Linux - Third Edition, published by Packt. It contains all the supporting project files necessary to work through the book from start to finish. Web Penetration Testing with Kali Linux - Third Edition shows you how to set up a lab, helps you understand the nature and mechanics of attacking websites, and explains classical attacks in great depth. This edition is heavily updated for the latest Kali Linux changes and the most recent attacks. Kali Linux shines when it comes to client-side attacks and fuzzing in particular.

Gurp - Burp Commander written in Go

  •    Go

Enable the API under User Options > Misc > REST API. Add rsrc to the $PATH to build Windows binaries using the icon.

docker_burp - Burp Pro as a Docker Container

  •    Dockerfile

How to run any GUI application (and Burp in particular) from Docker.

research - Hello and welcome to my GitHub account

  •    JavaScript

Hello and welcome to my GitHub account. If you'd like to know more about me, this is likely the best place to start.

Burp_Suite_Documentation_2.0_zh_cn - A Chinese translation of the official Burp Suite documentation, based on the latest 2.0 Beta

A Chinese translation of the official Burp Suite documentation, based on the latest 2.0 Beta.

similar-request-excluder - A Burp Suite extension that automatically marks similar requests as 'out-of-scope'

  •    Java

You can install Similar Request Excluder from the BApp Store! Please check the installation instructions on the wiki. The FAQ helps to troubleshoot any problems that might occur. Please note that the thesis has been anonymised and some private information has been redacted. The source of the thesis (LaTeX) is not open-source at the moment. The thesis focuses on release v1.0.0 of the extension; however, many changes have been made in the meantime.