How many of you will agree that @PortSwigger @PortSwiggerRes @burpsuite is the best #Web #AppSec #bugbounty Tool available on the internet?

This thread includes some of the best Burp Extensions, which I personally love.

#pentest #security #infosec #bugbounty
Turbo Intruder

Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
portswigger.net/bappstore/9aba…

#pentest #security #infosec #bugbounty
Retire.js
This extension integrates Burp with the Retire.js repository to find vulnerable JavaScript libraries.
portswigger.net/bappstore/3623…

#pentest #security #infosec #bugbounty
Param Miner
This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities.
portswigger.net/bappstore/17d2…

#pentest #security #infosec #bugbounty
J2EEScan
The goal of this extension is to improve the test coverage during web application penetration tests on J2EE applications.
portswigger.net/bappstore/7ec6…

#pentest #security #infosec #bugbounty
HTTP Request Smuggler
This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks. It also aids exploitation by handling cumbersome offset-tweaking for you.
James Kettle
portswigger.net/bappstore/aaaa…

#pentest #security #infosec #bugbounty
Flow
This extension provides a Proxy history-like view along with search filter capabilities for all Burp tools.
portswigger.net/bappstore/ee1c…

#pentest #security #infosec #bugbounty
Error Message Checks
This extension passively reports detailed server error messages.
portswigger.net/bappstore/4f01…

#pentest #security #infosec #bugbounty
Copy As Python-Requests
This extension copies selected request(s) as Python-Requests invocations.
portswigger.net/bappstore/b324…

#pentest #security #infosec #bugbounty
Content Type Converter
This extension converts data submitted within requests between various common formats.
portswigger.net/bappstore/db57…

#pentest #security #infosec #bugbounty
Command Injection Attacker
This extension is a customizable payload generator, best for detecting OS command injection flaws during dynamic testing - conducted with no access to the source code or the filesystem.
portswigger.net/bappstore/33e4…

#pentest #security #infosec #bugbounty
Collaborator Everywhere
This extension augments your in-scope proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator.
portswigger.net/bappstore/2495…

#pentest #security #infosec #bugbounty
CO2
This extension contains various modules for enhancing Burp's capabilities.
portswigger.net/bappstore/c507…

#pentest #security #infosec #bugbounty
Bypass WAF
This extension adds headers to all Burp requests to bypass some WAF products.
portswigger.net/bappstore/ae26…

#pentest #security #infosec #bugbounty
Burp Bounty, Scan Check Builder
This BurpSuite extension allows you, in a quick way, to improve the active and passive BurpSuite scanner by means of personalized rules through a very intuitive graphical interface.
portswigger.net/bappstore/618f…

#pentest #security #infosec #bugbounty
Backslash Powered Scanner
This extension complements Burp's active scanner by using a novel approach capable of finding and confirming both known and unknown classes of server-side injection vulnerabilities.
portswigger.net/bappstore/9cff…

#pentest #security #infosec #bugbounty
Autorize
Autorize is an extension aimed at helping the penetration tester to detect authorization vulnerabilities, one of the more time-consuming tasks in a web application penetration test.
portswigger.net/bappstore/f9bb…

#pentest #security #infosec #bugbounty
Asset Discovery
This extension discovers assets (domain, subdomain, IP, S3 bucket etc.) using passive scanning of HTTP responses and lists them as informational issues.
portswigger.net/bappstore/d927…

#pentest #security #infosec #bugbounty
Additional Scanner Checks
This extension provides some additional passive Scanner checks.
portswigger.net/bappstore/a158…

#pentest #security #infosec #bugbounty
Active Scan++
ActiveScan++ extends Burp Suite's active and passive scanning capabilities.
portswigger.net/bappstore/3123…

#pentest #security #infosec #bugbounty
