Burp plugin collection: vulnerability scanning, WAF bypass, SQL, XSS, command injection, fuzzers

Project URL 1: https://github.com/Mr-xn/BurpSuite-collections
BurpSuite collection: including but not limited to Burp articles, cracked versions, plugins (not from the BApp Store), Chinese localization and related tutorials.
Contains the following plugins:

HackBar.jar
LFI scanner checks.jar
LoggerPlusPlus.jar
WooyunSearch-1.0-SNAPSHOT-jar-with-dependencies.jar
burp-vulners-scanner-1.2.jar
bypasswaf.jar
chunked-coding-converter.0.2.1.jar
domain_hunter-v1.4.jar (updates domain_hunter-v1.3.jar)
http-request-smuggler-all.jar
httpsmuggler.jar
knife-1.6.jar
passive-scan-client-0.1-jar-with-dependencies.jar
reCAPTCHA-v0.9.jar
sqlmap.jar
sqlmap4burp++.0.2.jar
jsEncrypter-0.3.jar

Project URL 2: https://github.com/snoopysecurity/awesome-burp-extensions
Contains the following plugins:

Burp plugin index:

Scanners

Passive and Active scan plugins.

  • Active Scan++ – ActiveScan++ extends Burp Suite’s active and passive scanning capabilities.
  • Burp Vulners Scanner – Vulnerability scanner based on vulners.com search API.
  • Additional Scanner checks – Collection of scanner checks missing in Burp.
  • CSRF Scanner – CSRF Scanner Extension for Burp Suite Pro.
  • HTML5 Auditor – This extension checks for usage of HTML5 features that have potential security risks.
  • Software Version Reporter – Burp extension to passively scan for applications revealing software version numbers.
  • J2EEScan – J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
  • Java Deserialization Scanner – All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities.
  • CSP Bypass – A Burp Plugin for Detecting Weaknesses in Content Security Policies.
  • Burp Sentinel – GUI Burp Plugin to ease discovering of security holes in web applications.
  • Backslash Powered Scanner – Finds unknown classes of injection vulnerabilities.
  • Collaborator Everywhere – A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator.
  • Burp Molly Pack – Security checks pack for Burp Suite.
  • Noopener Burp Extension – Find Target=_blank values within web pages that are set without noopener and noreferrer attributes.
  • ActiveScan3Plus – Modified version of ActiveScan++ Burp Suite extension.
  • Burp Image Size – Image size issues plugin for Burp Suite.
  • UUID issues for Burp Suite – UUID issues for Burp Suite.
  • JSON array issues for Burp Suite – JSON Array issues plugin for Burp Suite.
  • Burp Retire JS – Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.
  • SOMEtime – A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities.
  • HTTPoxy Scanner – A Burp Suite extension that checks for the HTTPoxy vulnerability.
  • ParrotNG – ParrotNG is a tool capable of identifying Adobe Flex applications (SWF) vulnerable to CVE-2011-2461.
  • Error Message Checks – Burp Suite extension to passively scan for applications revealing server error messages.
  • Identity Crisis – A Burp Suite extension that checks if a particular URL responds differently to various User-Agent headers.
  • CSP Auditor – Burp and ZAP plugin to analyse Content-Security-Policy headers or generate a template CSP configuration from crawling a website.
  • Burp Suite GWT Scan – Burp Suite plugin identifies insertion points for GWT (Google Web Toolkit) requests.
  • Minesweeper – A Burp Suite plugin (BApp) to aid in the detection of scripts being loaded from over 14,000 malicious cryptocurrency mining domains (cryptojacking).
  • Yara – This extension allows you to perform on-demand Yara scans of websites within the Burp interface based on custom Yara rules that you write or obtain.
  • WordPress Scanner – Find known vulnerabilities in WordPress plugins and themes using WPScan database.
  • Web Cache Deception Burp Extension – This extension tests applications for the Web Cache Deception vulnerability.
  • UUID Detector – This extension passively reports UUID/GUIDs observed within HTTP requests.
  • SSL Scanner – This extension enables Burp to scan for SSL vulnerabilities.
  • Software Vulnerability Scanner – This extension scans for vulnerabilities in detected software versions using the Vulners.com API.
  • Reverse Proxy Detector – This extension detects reverse proxy servers.
  • SRI Check – A Burp Suite extension for identifying missing Subresource Integrity attributes.
  • Reflected File Download Checker – This extension checks for reflected file downloads.
  • Length Extension Attacks – This extension lets you perform hash length extension attacks on weak signature mechanisms.
  • Headers Analyzer – This extension adds a passive scan check to report security issues in HTTP headers.
  • Heartbleed – This extension adds a new tab to Burp’s Suite main UI allowing a server to be tested for the Heartbleed bug. If the server is vulnerable, data retrieved from the server’s memory will be dumped and viewed.
  • Image Size Issues – This extension passively detects potential denial of service attacks due to the size of an image being specified in request parameters.
  • CMS Scanner – An active scan extension for Burp that provides supplemental coverage when testing popular content management systems.
  • Detect Dynamic JS – This extension compares JavaScript files with each other to detect dynamically generated content and content that is only accessible when the user is authenticated.
  • CTFHelper – This extension scans for sensitive files on the web server (backup files like .index.php.swp or a .git directory), which makes solving CTF challenges faster.
  • Broken Link Checker – This extension passively discovers broken links, which can be handy for second-order takeovers.
  • Scan manual insertion point – This Burp extension lets the user select a region of a request (typically a parameter value), and via the context menu do an active scan of just the insertion point defined by that selection.
  • AdminPanelFinder – A burp suite extension that enumerates infrastructure and application Admin Interfaces (OWASP OTG-CONFIG-005).
  • HTTP Request Smuggler – This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks, originally created during HTTP Desync Attacks research. It supports scanning for Request Smuggling vulnerabilities, and also aids exploitation by handling cumbersome offset-tweaking for you.
  • JS Link Finder – Burp extension for passively scanning JavaScript files for endpoint links. Exports results to a text file; excludes specific ‘js’ files, e.g. jquery, google-analytics.
  • iRule Detector – Detect a Remote Code or Command Execution (RCE) vulnerability in some implementations of F5 Networks’ popular BigIP load balancer.
  • Burp AEM Security Scanner Extension – Burp AEM Security Scanner is an AEM-focused plugin which supports the evaluation of well-known misconfigurations of AEM installations.
  • FlareQuench – Burp Suite plugin that adds additional checks to the passive scanner to reveal the origin IP(s) of Cloudflare-protected web applications.

Custom Features

Extensions related to customizing Burp features and extend the functionality of Burp Suite in numerous ways.

  • Burp Bounty – Scan Check Builder – This BurpSuite extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface.
  • Scan Manual Insertion Point – This Burp extension lets the user select a region of a request (typically a parameter value), and via the context menu do an active scan of just the insertion point defined by that selection.
  • Distribute Damage – Designed to make Burp evenly distribute load across multiple scanner targets, this extension introduces a per-host throttle and a context menu to trigger scans from.
  • Add & Track Custom Issues – This extension allows custom scan issues to be added and tracked within Burp.
  • Decoder Pro – Burp Suite Plugin to decode and clean up garbage response text.
  • Decoder Improved – Decoder Improved is a data transformation plugin for Burp Suite that better serves the varying and expanding needs of information security professionals.
  • Request Highlighter – Request Highlighter is a simple extension for Burp Suite tool (for both community and professional editions) that provides an automatic way to highlight HTTP requests based on headers content (eg. Host, User-Agent, Cookies, Auth token, custom headers etc.).
  • Request Minimizer – This extension performs HTTP request minimization. It deletes parameters that are not relevant such as: random ad cookies, cachebusting nonces, etc.
  • Wildcard – There are a number of great Burp extensions out there, and most of them create their own tabs; Wildcard groups them.
  • Hackvertor – Hackvertor is a tag-based conversion tool that supports various escapes and encodings including HTML5 entities, hex, octal, unicode, url encoding etc.
  • Multi-Browser Highlighting – This extension highlights the Proxy history to differentiate requests made by different browsers. The way this works is that each browser would be assigned one color and the highlights happen automatically.
  • Manual Scan Issues – This extension allows users to manually create custom issues within the Burp Scanner results.
  • Handy Collaborator – Handy Collaborator is a Burp Suite Extension that lets you use the Collaborator tool during manual testing in a comfortable way.
  • BadIntent – Intercept, modify, repeat and attack Android’s Binder transactions using Burp Suite.
  • Custom Send-To – Adds a customizable “Send to…”-context-menu to your BurpSuite.
  • IPRotate Burp Extension – Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
  • Timeinator – Timeinator is an extension for Burp Suite that can be used to perform timing attacks over an unreliable network such as the internet.
  • Auto-Drop Requests – Burp extension to automatically drop requests that match a certain regex.
  • Scope Monitor – A Burp Suite Extension to monitor and keep track of tested endpoints.
  • Taborator – Improved Collaborator client in its own tab.
  • pip3line – Raw bytes manipulation utility, able to apply well known and less well known transformations.
  • Auto Drop – This extension allows you to automatically Drop requests that match a certain regex. Helpful in case the target has logging or tracking services enabled.

Beautifiers and Decoders

Extensions related to beautifying and decoding data formats.

  • .NET Beautifier – A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __VIEWSTATE).
  • JS Beautifier – Burp Suite JS Beautifier
  • Burp ASN1 Toolbox – ASN.1 toolbox for Burp Suite.
  • JSON JTree viewer for Burp Suite – JSON JTree viewer for Burp Suite.
  • JSON Beautifier – JSON Beautifier for Burp written in Java
  • Browser Repeater – BurpSuite extension for Repeater tool that renders responses in a real browser.
  • GQL Parser – A repository for GraphQL Extension for Burp Suite
  • XChromeLogger Decoder – This extension adds a new tab in the HTTP message editor to display X-ChromeLogger-Data in decoded form.
  • WebSphere Portlet State Decoder – This extension displays the decoded XML state of a WebSphere Portlet in a new tab when the request is viewed.
  • PDF Viewer – This extension adds a tab to the HTTP message viewer to render PDF files in responses.
  • NTLM Challenge Decoder – This extension decodes NTLM SSP headers.
  • JCryption Handler – This extension provides a way to perform manual and/or automatic security assessment of web applications that use the JCryption JavaScript library to encrypt data sent through HTTP methods (GET and POST).
  • JSWS Parser – This extension can be used to parse a response containing a JavaScript Web Service Proxy (JSWS) and generate JSON requests for all supported methods.
  • JSON Decoder – This extension adds a new tab to Burp’s HTTP message editor, and displays JSON messages in decoded form.
  • MessagePack – This extension supports: decoding MessagePack requests and responses to JSON format, converting requests from JSON format to MessagePack.
  • Fast Infoset Tester – This extension converts incoming Fast Infoset requests and responses to XML, and converts outgoing messages back to Fast Infoset.
  • burp-protobuf-decoder – A simple Google Protobuf Decoder for Burp
  • BurpAMFDSer – BurpAMFDSer is a Burp plugin that will deserialize/serialize AMF requests and responses to and from XML with the use of the XStream library.
  • Deflate Burp Plugin – The Deflate Burp Plugin is a plug-in for Burp Proxy (it implements the IBurpExtender interface) that decompresses HTTP response content in the ZLIB (RFC1950) and DEFLATE (RFC1951) compression formats.
  • Burp Suite GWT wrapper – Burp Suite GWT wrapper
  • GraphQL Beautifier – Burp Suite extension to help make Graphql request more readable.
  • Decoder Improved – Improved decoder for Burp Suite.
  • Cyber Security Transformation Chef – The Cyber Security Transformation Chef (CSTC) is a Burp Suite extension. It is built for security experts to extend Burp Suite by chaining simple operations for each incoming or outgoing message.
  • GraphQL Raider – GraphQL Raider is a Burp Suite Extension for testing endpoints implementing GraphQL.
  • JSONPath – Burp Suite extension to view and extract data from JSON responses.

Cloud Security

Plugins related to assessing Cloud Security services such as Amazon AWS.

  • AWS Security Checks – This extensions provides additional Scanner checks for AWS security issues.
  • AWS Extender – AWS Extender (Cloud Storage Tester) is a Burp plugin to assess permissions of cloud storage containers on AWS, Google Cloud and Azure.
  • AWS Signer – Burp Extension for AWS Signing.

Scripting

Extensions related to Scripting.

  • Python Scripter – This extension allows execution of a custom Python script on each HTTP request and response processed by Burp.
  • Burpkit – BurpKit is a BurpSuite plugin which helps in assessing complex web apps that render the contents of their pages dynamically.
  • Burp Requests – Copy as requests plugin for Burp Suite.
  • Burpy – Portable and flexible web application security assessment tool. It parses the Burp Suite log, performs various tests depending on the module provided and finally generates an HTML report.
  • Buby – A JRuby implementation of the BurpExtender interface for PortSwigger Burp Suite.
  • Burpee – Python object interface to requests/responses recorded by Burp Suite.
  • Burp Jython Tab – Description not available.
  • Reissue Request Scripter – This extension generates scripts to reissue a selected request.
  • Burp Buddy – burpbuddy exposes Burp Suite’s extender API over the network through various mediums, with the goal of enabling development in any language without the restrictions of the JVM.
  • Copy As Python-Requests – This extension copies selected request(s) as Python-Requests invocations.
  • Copy as PowerShell Requests – This extension copies the selected request(s) as PowerShell invocation(s).
  • Copy as Node Request – This extension copies the selected request(s) as Node.JS Request invocations.
  • Copy as JavaScript Request – This Burp Extension copies the selected request to the clipboard as JavaScript Fetch API.
  • BReWSki – BReWSki (Burp Rhino Web Scanner) is a Java extension for Burp Suite that allows users to write custom scanner checks in JavaScript.

OAuth and SSO

Extensions for assessing Single sign-on (SSO) and OAuth related applications.

  • SAML Raider – SAML Raider is a Burp Suite extension for testing SAML infrastructures. It contains two core functionalities: manipulating SAML messages and managing X.509 certificates.
  • Burp OAuth – OAuth plugin for Burp Suite Extender.
  • EsPReSSO – An extension for BurpSuite that highlights SSO messages in Burp’s proxy window.
  • SAML Encoder/Decoder – This extension adds a new tab to Burp’s main UI, allowing encoding and decoding of SAML (Security Assertion Markup Language) formatted messages.
  • SAML Editor – This extension adds a new tab to Burp’s HTTP message editor, allowing encoding and decoding of SAML (Security Assertion Markup Language) formatted messages.
  • PeopleSoft Token Extractor – This extension helps test PeopleSoft SSO tokens.
  • JSON Web Token Attacker – This extension helps to test applications that use JavaScript Object Signing and Encryption, including JSON Web Tokens.
  • JSON Web Tokens – This extension lets you decode and manipulate JSON web tokens on the fly, check their validity and automate common attacks against them.
  • AuthHeader Updater – Burp extension to specify the token value for the Authentication header while scanning.
  • Dupe Key Injector – Dupe Key Injector is a Burp Suite extension implementing Dupe Key Confusion, a new XML signature bypass technique presented in the BSides/BlackHat/DEFCON 2019 “SSO Wars: The Token Menace” presentation.
  • SAMLReQuest – Enables you to view, decode, and modify SAML requests and responses.

Information Gathering

Extensions related to Discovery, Spidering and Information Gathering.

  • Google Hack – This extension provides a GUI interface for setting up and running Google Hacking queries, and lets you add results directly to Burp’s site map.
  • PwnBack/Wayback Machine – Burp Extender plugin that generates a sitemap of a website using Wayback Machine.
  • Directory File Listing Parser Importer – This is a Burp Suite extension in Python to parse a directory and file listing text file of a web application.
  • Site Map Extractor – This extension extracts information from the Site Map. You can use the full site map or just in-scope items.
  • Site Map Fetcher – This extension fetches the responses of unrequested items in the site map.
  • Burp CSJ – This extension integrates Crawljax, Selenium and JUnit together. The intent of this extension is to aid web application security testing, increase web application crawling capability and speed-up complex test-cases execution.
  • Attack Surface Detector – The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters.
  • domain_hunter – A Burp Suite extender that tries to find sub-domains, similar domains and related domains of an organization, not only the domain itself.
  • BigIP Discover – A Burp Suite extension. The cookie set by a BigIP server may include a private IP; this extension detects that IP.
  • AdminPanelFinder – A burp suite extension that enumerates infrastructure and application Admin Interfaces (OWASP OTG-CONFIG-005).
  • Asset Discover – Burp Suite extension to discover assets from HTTP response using passive scanning.
  • DirectoryImporter – This is a Burpsuite plugin built to enable you to import your directory bruteforcing results into burp for easy viewing later.
  • Dr. Watson – Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information.

Vulnerability Specific Extensions

Cross-site scripting

  • XSS Validator – This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
  • burp-xss-sql-plugin – Publishing plugin which I used for years which helped me to find several bugbounty-worthy XSSes, OpenRedirects and SQLi.
  • Burp Hunter – XSS Hunter Burp Plugin.
  • DOM XSS Checks – This Burp Suite plugin passively scans for DOM-Based Cross-Site Scripting.
  • Reflector – Burp plugin able to find reflected XSS on a page in real time while browsing a site.
  • BitBlinder – Burp extension that helps in finding blind XSS vulnerabilities.
  • JavaScript Security Burp Extension – A Burp Suite extension which performs checks for cross-domain scripting against the DOM, subresource integrity checks, and evaluates JavaScript resources against threat intelligence data.
  • Reflected Parameters – This extension monitors traffic and looks for request parameter values (longer than 3 characters) that are reflected in the response.
  • jsonp – jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

Server-Side-Request-Forgery

Broken Access Control

  • Burplay/Multi Session Replay – Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid in searching for Privilege Escalation issues.
  • AuthMatrix – AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.
  • Autorize – Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily to ease the work of application security people and allow them to perform automatic authorization tests.
  • AutoRepeater – Automated HTTP Request Repeating With Burp Suite.
  • UUID issues for Burp Suite – UUID issues for Burp Suite.
  • Authz – Burp plugin to test for authorization flaws.
  • Paramalyzer – Burp extension for parameter analysis of large-scale web application penetration tests.
  • Burp SessionAuth – Burp plugin which supports in finding privilege escalation vulnerabilities.
  • Auto Repeater – This extension automatically repeats requests, with replacement rules and response diffing. It provides a general-purpose solution for streamlining authorization testing within web applications.
  • IncrementMe Please – Burp extension to increment a parameter in each active scan request.

Cross-Site Request Forgery

  • CSRF Scanner – CSRF Scanner Extension for Burp Suite Pro.
  • CSurfer – CSurfer is a CSRF guard hiding extension that keeps track of the latest guard value per session and updates new requests accordingly.
  • Additional CSRF Checks/EasyCSRF – EasyCSRF helps to find weak CSRF protection in web apps that can be easily bypassed.
  • Match/Replace Session Action – This extension provides match and replace functionality as a Session Handling Rule.
  • Token Extractor – This extension allows tokens to be extracted from a response and replaced in requests.
  • CSRF Token Tracker – This extension provides a sync function for CSRF token parameters.
  • Token Rewrite – This extension lets you search for specific values like CSRF tokens in responses and use their values to modify parameters in future requests or set a cookie.
  • burp-multistep-csrf-poc – Burp extension to generate multi-step CSRF POC.

Deserialization

  • Java-Deserialization-Scanner – All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities.
  • Java Serial Killer – Burp extension to perform Java Deserialization Attacks.
  • BurpJDSer-ng – Allows you to deserialize java objects to XML and lets you dynamically load classes/jars as needed.
  • PHP Object Injection Check – This extension adds an active scan check to find PHP object injection vulnerabilities.
  • Java Serialized Payloads – This extension generates various Java serialized payloads designed to execute OS commands.
  • Freddy, Deserialization Bug Finder – Helps with detecting and exploiting serialization libraries/APIs.
  • CustomDeserializer – This extension speeds up manual testing of web applications by performing custom deserialization.
  • BurpJDSer – BurpJDSer is a Burp plugin that will deserialize/serialize Java requests and responses to and from XML with the use of the XStream library.

Sensitive Data Exposure

  • Burp Smart Buster – A Burp Suite content discovery plugin that adds the smart into the Buster!
  • PDF Metadata – The PDF Metadata Burp Extension provides an additional passive Scanner check for metadata in PDF files.
  • SpyDir – BurpSuite extension to assist with Automated Forced Browsing/Endpoint Enumeration.
  • Burp Hash – Many applications will hash parameters such as ID numbers and email addresses for use in secure tokens, like session cookies.
  • Param Miner – This extension identifies hidden, unlinked parameters. It’s particularly useful for finding web cache poisoning vulnerabilities.
  • MindMap Exporter – Aids with documentation of the following OWASP Testing Guide V4 tests: OTG-INFO-007: Map execution paths through application, OTG-INFO-006: Identify application entry points.
  • Image Location & Privacy Scanner – Passively scans for GPS locations or embedded privacy related exposure (like camera serial numbers) in images during normal security assessments of websites via a Burp plug-in.
  • Image Metadata – This extension extracts metadata present in image files. The information found is rarely critical, but it can be useful for general reconnaissance: it can include the usernames who created the files, local paths and the technologies used.
  • ExifTool Scanner – This Burp extension reads metadata from various filetypes (JPEG, PNG, PDF, DOC, XLS and much more) using ExifTool. Results are presented as Passive scan issues and Message editor tabs.
  • Interesting Files Scanner – Interesting Files Scanner extends Burp Suite’s active scanner, with scans for interesting files and directories. A main feature of the extension is the check for false positives with tested patterns for each case.
  • BeanStack – Stack-trace Fingerprinter – Java Fingerprinting using Stack Traces. Note that this extension sends potentially private stack-traces to a third party for processing.
  • Directory Importer – This is a Burp Suite plugin for importing directory bruteforcing results into Burp for further analysis.
  • JS Link Finder – Burp extension for passively scanning JavaScript files for endpoint links. Exports results to a text file; excludes specific ‘js’ files, e.g. jquery, google-analytics.

SQL Injection

  • CO2 – A collection of enhancements for Portswigger’s popular Burp Suite web penetration testing tool.
  • SQLiPy – SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.
  • burp-xss-sql-plugin – Publishing plugin which I used for years which helped me to find several bugbounty-worthy XSSes, OpenRedirects and SQLi.
  • SQLiPy Sqlmap Integration – This extension integrates Burp Suite with SQLMap.
  • InjectMate – Burp Extension that generates payloads for XSS, SQLi, and Header injection vulns
  • Burptime – Shows time cost in the Burp proxy history; useful when testing time-based SQL injection.

XXE

  • Office OpenXML Editor – Burp extension that adds a tab to edit Office Open XML documents (xlsx, docx, pptx).
  • Content Type Converter – Burp extension to convert XML to JSON, JSON to XML, x-www-form-urlencoded to XML, and x-www-form-urlencoded to JSON.

Insecure File Uploads

  • Upload Scanner – A Burp Suite Pro extension to do security tests for HTTP file uploads.
  • ZIP File Raider – Burp Extension for ZIP File Payload Testing.
  • File Upload Traverser – This extension verifies if file uploads are vulnerable to directory traversal vulnerabilities.

Directory Traversal

  • Uploader – Burp extension to test for directory traversal attacks in insecure file uploads.
  • off-by-slash – Burp extension to detect alias traversal via NGINX misconfiguration at scale.

Session Management

  • WAFDetect – This extension passively detects the presence of a web application firewall (WAF) from HTTP responses.
  • TokenJar – This extension provides a way of managing tokens like anti-CSRF, CSurf, Session IDs.
  • Token Incrementor – A simple but useful extension to increment a parameter in each request, intended for use with Active Scan.
  • Token Extractor – This extension allows tokens to be extracted from a response and replaced in requests.
  • Session Auth – This extension can be used to identify authentication privilege escalation vulnerabilities.
  • Session Timeout Test – This extension attempts to determine how long it takes for a session to timeout at the server.
  • Session Tracking Checks – This extension checks for the presence of known session tracking sites.
  • ExtendedMacro – This extension provides a similar but extended version of the Burp Suite macro feature.
  • AuthHeader Updater – Burp extension to specify the token value for the Authentication header while scanning.
  • Request Randomizer – This extension registers a session handling rule which places a random value into a specified location within requests.
  • BearerAuthToken – This Burp Suite extender provides a way to test enterprise applications that include security authorization tokens in every HTTP request.
  • Burp Wicket Handler – Used as part of Burp’s session handling: record a macro which just gets the page you want to submit.
  • Add Request to Macro – This Burp extension lets you add a request to an existing macro.
  • Cookie Decrypter – A Burp Suite Professional extension for decrypting/decoding various types of cookies.

Command Injection

Template Injection

  • tplmap Burp Extension – Burp extension for Tplmap, a Server-Side Template Injection and Code Injection detection and exploitation tool.

Web Application Firewall Evasion

The following extensions can aid during WAF evasion.

  • Bypass Waf – Add headers to all Burp requests to bypass some WAF products.
  • Random IP Address Header – This extension automatically generates IPV6 and IPV4 fake source address headers to evade WAF filtering.
  • Burp Suite HTTP Smuggler – A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques.
  • What-The-WAF – This extension adds a custom payload type to the Intruder tool, to help test for bypasses of Web Application Firewalls (WAFs).
  • WAF Cookie Fetcher – This extension allows web application security testers to register various types of cookie-related session handling actions to be performed by the Burp session handling rules.
  • WAFDetect – This extension passively detects the presence of a web application firewall (WAF) from HTTP responses.
  • LightBulb WAF Auditing Framework – LightBulb is an open source python framework for auditing web application firewalls and filters.
  • BurpSuiteHTTPSmuggler – A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques.
  • Chunked coding converter – This extension uses the Transfer-Encoding (chunked) technique to bypass the WAF.

Logging and Notes

Extensions related to logging HTTP traffic during assessments and storing Burp traffic.

  • Burp Notes – Burp Notes Extension is a plugin for Burp Suite that adds a Notes tab. The tool aims to better organize external files that are created during penetration testing.
  • Logger++ – Burp Suite Logger++: Log activities of all the tools in Burp Suite.
  • Burp Dump – A Burp plugin to dump HTTP(S) requests/responses to a file system.
  • Burp SQLite logger – SQLite logger for Burp Suite.
  • Burp Git Version – Description not available.
  • Burp Commentator – Generates comments for selected request(s) based on regular expressions.
  • Burp Suite Importer – Connect to multiple web servers while populating the sitemap.
  • Burp Replicator – Burp extension to help developers replicate findings from pen tests.
  • Notes – This extension adds a new tab to Burp’s UI, for taking notes and organizing external files that are created during penetration testing.
  • Log Requests to SQLite – This extension keeps a trace of every HTTP request that has been sent via BURP, in an SQLite database. This is useful for keeping a record of exactly what traffic a pen tester has generated.
  • Flow – This extension provides a Proxy history-like view along with search filter capabilities for all Burp tools.
  • Custom Logger – This extension adds a new tab to Burp’s main UI containing a simple log of all requests made by all Burp tools.
  • Log Requests to SQLite – BURP extension to record every HTTP request sent via BURP and create an audit trail log of an assessment.
  • Burp Response Clusterer – Burp plugin that clusters responses to show an overview of received responses.
  • Burp Collect500 – Burp plugin that collects all HTTP 500 messages.
  • Sink Logger – Sink Logger is a Burp Suite Extension that allows to transparently monitor various JavaScript sinks.
  • Burp Scope Monitor Extension – A Burp Suite Extension to monitor and keep track of tested endpoints.
  • Burp Savetofile – BurpSuite plugin to save just the body of a request or response to a file.
  • Log Viewer – Lets you view log files generated by Burp in a graphical environment.
  • Rapid – A fairly simple Burp Suite extension that enables you to save HTTP Requests and Responses to files a lot faster and in one go.

Payload Generators and Fuzzers

Wordlist/payload generators and fuzzers.

  • CO2 – A collection of enhancements for Portswigger’s popular Burp Suite web penetration testing tool.
  • Bradamsa – Burp Suite extension to generate Intruder payloads using Radamsa.
  • Payload Parser – Burp Extension for parsing payloads containing/excluding characters you provide.
  • Burp Luhn Payload Processor – A plugin for Burp Suite Pro to work with attacker payloads and automatically generate check digits for credit card numbers and similar numbers that end with a check digit generated using the Luhn algorithm or formula (also known as the “modulus 10” or “mod 10” algorithm).
  • Gather Contacts – A Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results.
  • Blazer – Burp Suite AMF Extension.
  • Wordlist Extractor – Scrapes all unique words and numbers for use with password cracking.
  • PsychoPATH – This extension provides a customizable payload generator, suitable for detecting a variety of file path vulnerabilities in file upload and download functionality.
  • Meth0dMan – This extension helps with testing HTTP methods. It generates custom Burp Intruder payloads based on the site map, allowing quick identification of several HTTP method issues.
  • Intruder File Payload Generator – This extension provides a way to use file contents and filenames as Intruder payloads.
  • Intruder Time Payloads – This extension lets you include the current epoch time in Intruder payloads.
  • reCAPTCHA – A Burp plugin that automatically recognizes graphical verification codes (image CAPTCHAs) for use as payloads in Intruder.
  • Virtual Host Payload Generator – Burp extension providing a set of values for the HTTP request Host header for the Burp Intruder in order to abuse virtual host resolution.
  • Stepper – Stepper is designed to be a natural evolution of Burp Suite’s Repeater tool, providing the ability to create sequences of steps and define regular expressions to extract values from responses which can then be used in subsequent steps.
  • Turbo Intruder – Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
  • HackBar – HackBar plugin for Burpsuite v1.0.
  • burpContextAwareFuzzer – BurpSuite’s payload-generation extension aiming at applying fuzzed test-cases depending on the type of payload (integer, string, path; JSON; XML; GWT; binary) and following encoding-scheme applied originally.

Cryptography

Extensions related to decryption of encrypted traffic and crypto-related attacks.

  • WhatsApp Protocol Decryption Burp Tool – This tool was created during our research on the WhatsApp protocol.
  • AES Burp/AES Payloads – Burp Extension to manipulate AES encrypted payloads.
  • Crypto Attacker – The extension helps detect and exploit some common crypto flaws.
  • AES Killer – Burp plugin to decrypt AES Encrypted traffic of mobile apps on the fly.
  • Length Extension Attacks – This extension lets you perform hash length extension attacks on weak signature mechanisms.
  • TLS-Attacker-BurpExtension – The extension is based on the TLS-Attacker and developed by the Chair for Network and Data Security from the Ruhr-University Bochum to assist pentesters and security researchers in the evaluation of TLS Server configurations with Burp Suite.
  • Resign v2.0 – A Burp extender that recalculates the signature value automatically after you modify a request parameter value, but you need to know the details of the signature algorithm and configure it in the GUI.

Web Services

Extensions useful for assessing Web Services.

  • WCF-Binary-SOAP-Plug-In – This is a Burp Suite plug-in designed to encode and decode WCF Binary SOAP request and response data (“Content-Type: application/soap+msbin1”).
  • WSDL Wizard – WSDL Wizard is a Burp Suite plugin written in Python to detect current and discover new WSDL (Web Service Definition Language) files.
  • BurpWCFDSer – BurpWCFDSer is a Burp plugin that will deserialize/serialize WCF requests and responses to and from XML.
  • JSWS – Burp Extension to parse JavaScript WebService Proxies and create sample requests.
  • JSON Decoder – This extension adds a new tab to Burp’s HTTP message editor, and displays JSON messages in decoded form.
  • WSDLer – WSDL Parser extension for Burp.
  • POST2JSON – Burp Suite Extension to convert a POST request to JSON message, moving any .NET request verification token to HTTP headers if present.
  • WCF Deserializer – This extension allows Burp to view and modify binary SOAP objects.
  • Postman Integration – This extension integrates with the Postman tool by generating a Postman collection JSON file.
  • OpenAPI Parser – Parse OpenAPI specifications, previously known as Swagger specifications, into the BurpSuite for automating RESTful API testing – approved by Burp for inclusion in their official BApp Store.
  • Content Type Converter – Burp extension to convert XML to JSON, JSON to XML, x-www-form-urlencoded to XML, and x-www-form-urlencoded to JSON.
  • Burp Non HTTP Extension – Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
  • Swurg – Swurg is a Burp Suite extension designed for OpenAPI testing.
  • WCFDSer-ngng – A Burp Extender plugin, that will make binary soap objects readable and modifiable.
  • UPnP Hunter – This extension finds active UPnP services/devices and extracts the related SOAP requests (IPv4 and IPv6 are supported); it then analyzes them using any of the various Burp tools (e.g. Intruder, Repeater).
  • burp-suite-swaggy – Burp Suite extension for parsing Swagger web service definition files.

Tool Integration

Extensions related to integrating Burp Suite with other software/tools.

  • Report To Elastic Search – This extension passes along issues discovered by Burp to either stdout or an ElasticSearch database.
  • Qualys WAS – The Qualys WAS Burp extension provides a way to easily push Burp scanner findings to the Web Application Scanning (WAS) module within the Qualys Cloud Platform.
  • NMAP Parser – This extension provides a GUI interface for parsing Nmap output files, and adding common web application ports to Burp’s target scope.
  • WebInspect Connector – Binary-only repository for the HP WebInspect Connector, authored by HP.
  • Faraday – This extension integrates Burp with the Faraday Integrated Penetration-Test Environment.
  • Git Bridge – This extension lets Burp users store Burp data and collaborate via git. Users can right-click supported items in Burp to send them to a git repo and use the Git Bridge tab to send items back to the originating Burp tools.
  • Issue Poster – This extension can be used to post details of discovered Scanner issues to an external web service.
  • Code Dx – This extension uploads scan reports directly to CodeDx, a software vulnerability correlation and management system.
  • ElasticBurp – This extension stores requests and responses from selected Burp tools in an ElasticSearch index including metadata like headers and parameters.
  • Dradis Framework – This extension integrates Burp with the Dradis Framework.
  • Burp Dirbuster – Dirbuster plugin for Burp Suite.
  • Pcap Importer – This extension enables Pcap and Pcap-NG files to be imported into the Burp Target site map, and passively scanned.
  • Brida – Brida is a Burp Suite Extension that, working as a bridge between Burp Suite and Frida, lets you use and manipulate applications’ own methods while tampering with the traffic exchanged between the applications and their back-end services/servers.
  • Burp Chat – This extension enables collaborative usage of Burp using XMPP/Jabber. You can send items between Burp instances by connecting over a chat session.
  • ThreadFix – This extension provides an interface between Burp and ThreadFix.
  • Nessus Loader – This extension parses a Nessus scan XML file to detect web servers. Any web servers discovered are added to the site map.
  • Peach API Integration – This Burp plugin provides integration between Burp and Peach API Security.
  • YesWeBurp – YesWeBurp is an extension for BurpSuite allowing you to access all your https://yeswehack.com/ bug bounty programs directly inside Burp.

Misc

  • knife – A Burp extension that adds some useful functions to the context menu: one-click cookie update, one-click add host to scope in the right-click context menu, and inserting a HackBar or self-configured payload into the current request.
  • Burp Rest API – REST/JSON API to the Burp Suite security tool.
  • Burpa – A Burp Suite Automation Tool.
  • CVSS Calculator – This extension calculates CVSS v2 and v3 scores of vulnerabilities.
  • Burp Uniqueness – Uniqueness plugin for Burp Suite.
  • Sample Burp Suite extension: custom scanner checks – Sample Burp Suite extension: custom scanner checks
  • Burp Bing translator – Testing non-English web apps is pretty straightforward, as you can just use a browser extension to translate what you see on screen.
  • Similar Request Excluder – A Burp Suite extension that automatically marks similar requests as ‘out-of-scope’.
  • jython-burp-api – Develop Burp extensions in Jython.
  • Jython Burp Extensions – Description not available.
  • Add Custom Header – A Burp Suite extension to add a custom header (e.g. JWT).
  • Target Redirector – This extension allows you to redirect requests to a particular target by replacing an incorrect target hostname/IP with the intended one. The Host header can optionally also be updated.
  • Similar Request Excluder – Similar Request Excluder is an extension that enables you to automatically reduce the target scope of your active scan by excluding similar (and therefore redundant) requests.
  • Request Timer – This extension captures response times for requests made by all Burp tools. It could be useful in uncovering potential timing attacks.
  • Response Clusterer – This extension clusters similar responses together, and shows a summary with one request/response per cluster. This allows the tester to get an overview of the tested website’s responses from all Burp Suite tools.
  • Hackbar – HackBar plugin for Burpsuite v1.0.
  • HUNT – HUNT Suite is a collection of Burp Suite Pro/Free and OWASP ZAP extensions. Identifies common parameters vulnerable to certain vulnerability classes (Burp Suite Pro and OWASP ZAP). Organize testing methodologies (Burp Suite Pro and Free).
  • Replicator – Replicator helps developers to reproduce issues discovered by pen testers.
  • Kerberos Authentication – This extension provides support for performing Kerberos authentication. This is useful for testing in a Windows domain when NTLM authentication is not supported.
  • JVM Property Editor – This extension allows the user to view and modify JVM system properties while Burp is running.
  • Lair – This extension provides the facility to send Burp Scanner issues directly to a remote Lair project.
  • Google Authenticator – This Burp Suite extension turns Burp into a Google Authenticator client.
  • GWT Insertion Points – This extension automatically identifies insertion points for GWT (Google Web Toolkit) requests when sending them to the active Scanner or Burp Intruder.
  • Headless Burp – This extension allows you to run Burp Suite’s Spider and Scanner tools in headless mode via the command-line.
  • HTTP Mock – This Burp extension provides mock responses that can be customized, based on the real ones.
  • Carbonator – This extension provides a command-line interface to automate the process of configuring target scope, spidering and scanning.
  • Batch Scan Report Generator – This extension can be used to generate multiple scan reports by host with just a few clicks.
  • Decompressor – Often, HTTP traffic is compressed by the server before it is sent to the client in order to reduce network load.
  • Custom Parameter Handler – This extension provides a simple way to modify any part of an HTTP message, allowing manipulation with surgical precision even (and especially) when using macros.
  • CFURL Cache inspector for Burp Suite – CFURL Cache inspector for Burp Suite.
  • Proxy Auto Config – This extension automatically configures Burp upstream proxies to match desktop proxy settings.
  • Proxy Action Rules – This extension can automatically forward, intercept, and drop proxy requests while actively displaying proxy log information and centralizing list management.
  • Perfmon – Perfmon is an extension for Burp Suite that shows information about threads, memory being used, and memory allocated.
  • Unicode To Chinese – A Burp Suite extender that converts Unicode escapes to Chinese characters.
  • Curlit – Burp Python plugin to turn requests into curl commands.
  • BurpSuite-Team-Extension – This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time.
  • BurpelFish – Adds Google Translate to Burp’s context menu.
  • BlockerLite – Simple Burp extension to drop blacklisted hosts.

Burp Extension Training Resources

Useful blog posts, talks and slide resources related to developing Burp extensions.
