77 Open Source Burp Software Projects

HackBar plugin for Burpsuite

Awesome Burp Suite Resources. 400+ open source Burp plugins, 400+ posts and videos.

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Burp Plugin to decrypt AES encrypted traffic on the fly

HTTP file upload scanner for Burp Proxy

SAML2 Burp Extension

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Burp Extender plugin that generates a sitemap of a website using Wayback Machine

Automate security tests using Burp Suite.

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition.

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.

Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website

Bug Bounty, Vulnerability Research, Tutorials, Tips&Tricks

The Web Audit Search Engine - Index and Search HTTP Requests and Responses in Web Application Audits with ElasticSearch

Image size issues plugin for Burp Suite

Burp-UI is a web-ui for burp backup written in python with Flask and jQuery/Bootstrap

渗透测试人员专用精简化字典 Dictionary for penetration testers happy hacker

A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate

Generate MS Word template-based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base.

Burp Pro as a Docker Container

Transparently log all data passed into known JavaScript sinks - Sink Logger extension for Burp.

Burp Suite extension to passively scan for applications revealing server error messages

A Burp Suite extension that automatically marks similar requests as 'out-of-scope'.

Python script that converts Burp Suite HTTP proxy history files to CSV or HTML

Copy as requests plugin for Burp Suite

Firefox and Google Chrome Extension of HackBar without license

This burpsuite extender provides a solution on testing Enterprise applications that involve security Authorization tokens into every HTTP requests.Furthermore, this solution provides a better approach to solve the problem of Burp suite automated scanning failures when Authorization tokens exist.

Extension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.

Simple socket-based gateway to the Burp Collaborator

Vendor-Neutral Security Tool Automation Controller (over REST)

UUID issues for Burp Suite

burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz

Burp Suite extension to help make Graphql request more readable

Burp extension to decode NTLM SSP headers and extract domain/host information

A simple Burp extension for scanning stuffs in CTF

JSON JTree viewer for Burp Suite

Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common misconfigurations and security holes.

Another plugin for CRLF vulnerability detection

SSTI Payload Generator

Burp extension intended to compact Burp extension tabs by hijacking them to own tab.

Burp extension to passively scan for applications revealing software version numbers

JSONPath extension for BurpSuite

The objective of this Burp Suite extension is the flexible and dynamic extraction, correlation, and structured presentation of information from the Burp Suite project as well as the flexible and dynamic on-the-fly modification of outgoing or incoming HTTP requests using Python scripts. Thus, Turbo Data Miner shall aid in gaining a better and faster understanding of the data collected by Burp Suite.

A Burp Extender plugin that will allow you to tamper with requests containing compressed, serialized java objects.

JSON Beautifier for Burp written in Java

Automatically identify serialization issues in PHP Frameworks by means of an Burp Suite active scan

Python Package for burprestapi

It decompiles target apk and adds security exception to accept all certificates thus making able to work with Burp/Charles and Other Tools

CFURL Cache inspector for Burp Suite

Utilities for creating Burp Suite Extensions.

Burp extension to generate multi-step CSRF POC.

Burp extension for automated handling of CSRF tokens

GQL Burp Extension

Burp Extender to add unique form tokens to scanner requests.

Burp Suite plugin identifies insertion points for GWT (Google Web Toolkit) requests

Burp Bounty profiles compilation, feel free to contribute!

Burp Suite plugin for the Dradis Framework

Target Redirector is a Burp Suite Extension written in Kotlin, which redirects all Burp requests destined for a chosen target to a different target of your choice. The hostname/IP, port and protocol (HTTP/HTTPS) can all be configured to an alternative destination.

HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite

Burp Extension that copies a request and builds a FFUF skeleton

Copy as XMLHttpRequest BurpSuite extension

Burp Suite extension for Radamsa-powered fuzzing with Intruder

common methods that used by my burp extension projects

Burp Suite Extension - Trigger actions and reshape HTTP request and response traffic using configurable rules

WAF Cookie Fetcher is a Burp Suite extension written in Python, which uses a headless browser to obtain the values of WAF-injected cookies which are calculated in the browser by client-side JavaScript code and adds them to Burp's cookie jar. Requires PhantomJS.

Server, client and web ui Docker images for Burp

Burp extension to specify the token value for the Authenication header while scanning.

Highlighting different firefox containers in Burp Proxy

SendToXray - Burp Suite Extender, Send HTTP request to XRAY proxy.

Toggle Burp proxy from anywhere and get its status in i3wm

Burp Extender : Proxy History viewer in Web UI

Anvil Secure's Burp extension for signing AWS requests with SigV4

Burp Suite HTTP proxy history viewer

The burp extension to forward the request