130 Open Source Burpsuite Software Projects

箱庭BadStore

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

reCAPTCHA = REcognize CAPTCHA: A Burp Suite Extender that recognize CAPTCHA and use for intruder payload 自动识别图形验证码并用于burp intruder爆破模块的插件

Security checks pack for Burp Suite

Burp Suite extension to help make Graphql request more readable

百宝箱

Automatically exploit time-based blind SQL injection vulnerabilities.

Automated HTTP Request Repeating With Burp Suite

BurpSuite's payload-generation extension aiming at applying fuzzed test-cases depending on the type of payload (integer, string, path; JSON; XML; GWT; binary) and following encoding-scheme applied originally.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Burp as a Docker Container

Web Penetration Testing with Kali Linux - Third Edition, published by Packt

A Burp Suite extension that automatically marks similar requests as 'out-of-scope'.

InQL - A Burp Extension for GraphQL Security Testing

Burp Suite plugin that dynamically generates Google 2FA codes for use in session handling rules (approved by PortSwigger for inclusion in their official BApp Store).

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark/Telegram & Pushover support

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

An extensible application for penetration testers and software developers to decode/encode data into various formats.

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

Collaborative Penetration Test and Vulnerability Management Platform

HackBar plugin for Burpsuite

Identify technologies used on websites.

Burp Plugin to decrypt AES encrypted traffic on the fly

Burp Commander written in Go

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz

Burp extension to generate multi-step CSRF POC.

BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities

A scope-generator-tool for Burp Suite and ZAP

Identify the technologies used on websites. (Dig-deep into web tech from your terminal)

Adds a customizable "Send to..."-context-menu to your BurpSuite.

A Burp plugin to export findings to DefectDojo

A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate

CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

Burp Bounty profiles

Burpsuite-Plugins-Usage

Repository contains an online education portal filled with web vulnerabilities.

OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.

Burp Suite 汉化 中文

Burp Suite plugin that adds additional checks to the passive scanner to reveal the origin IP(s) of Cloudflare-protected web applications.

Automatically identify serialization issues in PHP Frameworks by means of an Burp Suite active scan

Manual JavaScript Linting is a Bug

A plugin that allows you execute python and get return to BurpSuite.

Burp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response.

A Burp Suite Extension to take back your repeater tabs

A Burp plugin that collects Burp request parameters, directories, paths and file names into the database for sorting

基于BurpSuite的一款FOFA Pro 插件

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

myscan 被动扫描

HaE - BurpSuite Highlighter and Extractor

Exporter is a Burp Suite extension to copy a request to a file or the clipboard as multiple programming languages functions.

Complete Listing and Usage of Tools used for Ethical Hacking

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件

The objective of this Burp Suite extension is the flexible and dynamic extraction, correlation, and structured presentation of information from the Burp Suite project as well as the flexible and dynamic on-the-fly modification of outgoing or incoming HTTP requests using Python scripts. Thus, Turbo Data Miner shall aid in gaining a better and faster understanding of the data collected by Burp Suite.

HaE-Java是基于Java开发的一款burpsuite插件，其支持自定义正则表达式，可扩展性强，并内置九种高亮颜色，可高亮（Highlight）标记敏感请求，并（And）提取（Extract）关键数据，方便后续深度挖掘。代码内部维护了一个简单的缓存池，burp界面响应速度佳。

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Bug Bounty stuffs, payloads, scripts, profiles, tips and tricks, ...

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

Black Hat Ruby book | Lab files | Buy the book https://www.amazon.com/dp/B08JHSF6GT

A Burp Suite plugin/extension that offers a shell in Burp. Both useful for OS Command injection and LFI exploration

Burp Bounty profiles compilation, feel free to contribute!

burpsuite extension for check and extract sensitive request parameter

burpsuite extension for check unauthorized vulnerability

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

Custom scripts for the PIPER Burp extensions.

Burp Extension that copies a request and builds a FFUF skeleton

Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).

Burp Suite extension to passively scan for applications revealing server error messages

Burp Suite plugin identifies insertion points for GWT (Google Web Toolkit) requests

Utilities for creating Burp Suite Extensions.

Burp extension to passively scan for applications revealing software version numbers

Generate MS Word template-based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base.

Burp extension intended to compact Burp extension tabs by hijacking them to own tab.

Automate security tests using Burp Suite.

Extension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

Burp Extender to add unique form tokens to scanner requests.

Bug Bounty writeups, Vulnerability Research, Tutorials, Tips&Tricks

The main SamuraiWTF collaborative distro repo.

intercepting kali router

Burp Suite plugin for the Dradis Framework

Powerful plugins and add-ons for hackers

Belle (Burp Suite 非公式日本語化ツール)

Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).

Burp extension for automated handling of CSRF tokens

这是基于Burp Suite官方文档翻译而来的中文版文档

BurpSuite Extension Ruby Template to speed up building a Burp Extension using Ruby

Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"

Burp Extender plugin that generates a sitemap of a website using Wayback Machine

VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted. Complete templates of issues, CWE, CVE, MITRE ATT&CK, PCI DSS, AES encryption, Nmap/Nessus/Burp/OpenVAS issues import, Jira export, TXT/HTML/PDF report, attachments, automatic changelog, statistics, vulnerability management, Security report builder.

This burpsuite extender provides a solution on testing Enterprise applications that involve security Authorization tokens into every HTTP requests.Furthermore, this solution provides a better approach to solve the problem of Burp suite automated scanning failures when Authorization tokens exist.

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

JSONPath extension for BurpSuite