130 Open Source Burpsuite Software Projects

Collaborative Penetration Test and Vulnerability Management Platform

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.

HackBar plugin for Burpsuite

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.

InQL - A Burp Extension for GraphQL Security Testing

Powerful plugins and add-ons for hackers

reCAPTCHA = REcognize CAPTCHA: A Burp Suite Extender that recognize CAPTCHA and use for intruder payload 自动识别图形验证码并用于burp intruder爆破模块的插件

A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

Automated HTTP Request Repeating With Burp Suite

有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

Burp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response.

Burp Plugin to decrypt AES encrypted traffic on the fly

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

intercepting kali router

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

Burpsuite-Plugins-Usage

这是基于Burp Suite官方文档翻译而来的中文版文档

Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT

百宝箱

The main SamuraiWTF collaborative distro repo.

Burp Extender plugin that generates a sitemap of a website using Wayback Machine

BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件

Automate security tests using Burp Suite.

Burp extension to detect alias traversal via NGINX misconfiguration at scale.

Identify technologies used on websites.

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

A simple HTTP(S) and DNS Canary bot with Slack/Discord/MS Teams/Lark/Telegram & Pushover support

A scope-generator-tool for Burp Suite and ZAP

A plugin that allows you execute python and get return to BurpSuite.

Security checks pack for Burp Suite

Bug Bounty writeups, Vulnerability Research, Tutorials, Tips&Tricks

Complete Listing and Usage of Tools used for Ethical Hacking

Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"

Exporter is a Burp Suite extension to copy a request to a file or the clipboard as multiple programming languages functions.

Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities

A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate

Generate MS Word template-based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base.

Burp Commander written in Go

Burp as a Docker Container

A Burp Suite Extension to take back your repeater tabs

Automatically exploit time-based blind SQL injection vulnerabilities.

Burp Suite extension to passively scan for applications revealing server error messages

A Burp Suite extension that automatically marks similar requests as 'out-of-scope'.

This burpsuite extender provides a solution on testing Enterprise applications that involve security Authorization tokens into every HTTP requests.Furthermore, this solution provides a better approach to solve the problem of Burp suite automated scanning failures when Authorization tokens exist.

基于BurpSuite的一款FOFA Pro 插件

A Burp plugin that collects Burp request parameters, directories, paths and file names into the database for sorting

Identify the technologies used on websites. (Dig-deep into web tech from your terminal)

Extension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.

Burp Bounty profiles

Manual JavaScript Linting is a Bug

HaE-Java是基于Java开发的一款burpsuite插件，其支持自定义正则表达式，可扩展性强，并内置九种高亮颜色，可高亮（Highlight）标记敏感请求，并（And）提取（Extract）关键数据，方便后续深度挖掘。代码内部维护了一个简单的缓存池，burp界面响应速度佳。

Burp Suite plugin that adds additional checks to the passive scanner to reveal the origin IP(s) of Cloudflare-protected web applications.

Bug Bounty stuffs, payloads, scripts, profiles, tips and tricks, ...

burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz

Burp Suite extension to help make Graphql request more readable

BurpSuite Extension Ruby Template to speed up building a Burp Extension using Ruby

箱庭BadStore

BurpSuite's payload-generation extension aiming at applying fuzzed test-cases depending on the type of payload (integer, string, path; JSON; XML; GWT; binary) and following encoding-scheme applied originally.

Burp extension to passively scan for applications revealing software version numbers

Burp extension intended to compact Burp extension tabs by hijacking them to own tab.

OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.

JSONPath extension for BurpSuite

The objective of this Burp Suite extension is the flexible and dynamic extraction, correlation, and structured presentation of information from the Burp Suite project as well as the flexible and dynamic on-the-fly modification of outgoing or incoming HTTP requests using Python scripts. Thus, Turbo Data Miner shall aid in gaining a better and faster understanding of the data collected by Burp Suite.

Repository contains an online education portal filled with web vulnerabilities.

Belle (Burp Suite 非公式日本語化ツール)

Web Penetration Testing with Kali Linux - Third Edition, published by Packt

Automatically identify serialization issues in PHP Frameworks by means of an Burp Suite active scan

Utilities for creating Burp Suite Extensions.

Burp extension to generate multi-step CSRF POC.

Burp extension for automated handling of CSRF tokens

A Burp plugin to export findings to DefectDojo

Burp Extender to add unique form tokens to scanner requests.

Burp Suite plugin identifies insertion points for GWT (Google Web Toolkit) requests

Burp Suite 汉化 中文

Burp Bounty profiles compilation, feel free to contribute!

Black Hat Ruby book | Lab files | Buy the book https://www.amazon.com/dp/B08JHSF6GT

burpsuite extension for check unauthorized vulnerability

Burp Suite plugin for the Dradis Framework

Burp Suite plugin that dynamically generates Google 2FA codes for use in session handling rules (approved by PortSwigger for inclusion in their official BApp Store).

HaE - BurpSuite Highlighter and Extractor

myscan 被动扫描

VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted. Complete templates of issues, CWE, CVE, MITRE ATT&CK, PCI DSS, AES encryption, Nmap/Nessus/Burp/OpenVAS issues import, Jira export, TXT/HTML/PDF report, attachments, automatic changelog, statistics, vulnerability management, Security report builder.

Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).

Adds a customizable "Send to..."-context-menu to your BurpSuite.

An extensible application for penetration testers and software developers to decode/encode data into various formats.

Custom scripts for the PIPER Burp extensions.

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.

Burp Extension that copies a request and builds a FFUF skeleton

A Burp Suite plugin/extension that offers a shell in Burp. Both useful for OS Command injection and LFI exploration

burpsuite extension for check and extract sensitive request parameter