#Burp-extensions
Showing 38 of 38 repositories tagged #burp-extensions, ranked by stars
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.
Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.
BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件
Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more
🧿 AutorizePro是一款强大越权检测 Burp 插件,通过增加 AI 辅助分析 && 进一步优化检测逻辑,大幅降低误报率,提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it significantly reduces the false positive rate and improves the efficiency of vulnerability detection.
A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations. It supports dynamic payload generation, including BCheck syntax, and can automatically generate Bambdas scripts. Additionally, it offers "Copy as JavaScript" to convert HTTP requests for enhanced XSS testing.
A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Automate security tests using Burp Suite.
Burp Suite extension to decrypt/encrypt any encrypted traffic (AES/RSA/Encodings and more) with custom code in any language
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)
A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing
A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)
YesWeHack Api Extension for Burp
SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
PyCript Websocket is now merge into https://github.com/Anof-cyber/PyCript, this repo is not available anymore.
A Burp Suite plugin/extension that offers a shell in Burp. Both useful for OS Command injection and LFI exploration
AIHTTPAnalyzer revolutionizes web application security testing by bringing artificial intelligence capabilities to Burp Suite. This innovative extension harnesses the power of AI to automate vulnerability detection, provide intelligent analysis, and assist security professionals in identifying complex security issues.
Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage.
Burp Suite extension to passively scan for applications revealing server error messages
Integrated Security Testing Environment for Web Applications as Burp Extension.
Mole is a framework for identifying and exploiting out-of-band application vulnerabilities.
JWTLens - Burp Suite extension for automated JWT security testing. 62 checks: passive scanning, algorithm confusion, signature bypass, KID injection, weak secret brute force, and a built-in JWT Forge tab. Works automatically as you browse.
BurpSuite's payload-generation extension aiming at applying fuzzed test-cases depending on the type of payload (integer, string, path; JSON; XML; GWT; binary) and following encoding-scheme applied originally.
Burp Suite Proxy Toggler Lite Add-on for Mozilla Firefox.
The Java Burp Extension version of my BypassFuzzer tool
Burp extension to passively scan for applications revealing software version numbers
Bcheck scripts for Burp
A simple Burp extension for scanning stuffs in CTF
JSONPath extension for BurpSuite
Burp Suite extension for parsing Swagger web service definition files
Burp Extender to add unique form tokens to scanner requests.
Burp Suite plugin identifies insertion points for GWT (Google Web Toolkit) requests
One-Click BurpSuite Installer with essential plugins for penetration testers
Burp Suite extension designed to help security professionals search for custom sensitive information in HTTP responses
Burp MCP Security Analysis Toolkit