burp

1. Authentication Token Obtain and Replace (ATOR)

Session expiration is the bane of automation. If a session token expires mid-scan, you're left with incomplete results. ATOR detects expired tokens, re-authenticates, and updates requests with the fresh token.

2. SAML Raider

If you've never tested an API that uses SAML, you're lucky. If you have, you know how frustrating an experience it can be. SAML Raider is a must-have, allowing you to edit, sign, and manipulate SAML messages directly within Burp.

3. Extensibility Helper

BChecks and Bambdas are awesome, and people share plenty of them online, but they are usually scattered across multiple GitHub repos. Extensibility Helper lets you load BChecks and Bambdas from repos, search them, and import the ones you want into Burp.

4. Hunt Scanner

Despite the name, Hunt Scanner doesn't really "scan" anything. Instead, it monitors requests as you explore the application, tracking interesting parameter names and linking them to *potential* vulns. You can't test everything, but you can prioritize what you do test!

5. TokenJar

TokenJar is the less automated version of ATOR, and sometimes that's enough! If the application refreshes session tokens itself, or there are non-session tokens you want to track (think anti-CSRF), TokenJar can help. It monitors and extracts tokens, then updates subsequent requests.

6. GAP

GAP helps uncover hidden endpoints and parameters by analyzing responses and generating custom wordlists. That, plus the huge number of settings, makes this an awesome cewl-like tool for recon!

7. Server-Side Prototype Pollution Scanner

This extension identifies server-side prototype pollution vulnerabilities, a critical issue in Node.js applications. While Burp's scanner has some tests built in, this extension adds more checks for completeness.

8. Reshaper

Reshaper has a learning curve and doesn't have the most intuitive interface, but once you grasp how it works, it can be incredibly powerful. It's essentially IFTTT for Burp, allowing you to configure request/response-modifying actions that get triggered by certain criteria.

9. Pentagrid Scan Controller

If you do a lot of scanning in Burp, this extension is for you. When enabled, it will monitor all proxied requests and decide whether or not they should be scanned. Highly configurable, it won't scan the same request twice. Think of it as your automated scan manager.

10. AuthMatrix

A golden oldie that desperately needs a rewrite (please...), AuthMatrix simplifies authorization testing by providing a matrix of users, roles, and requests. It helps identify access control issues systematically, and saves time during retesting by replaying all requests in one go.