Tib3rius
Web App Hacker @NetSPI | Educator | Content Creator | UwU-Anointed Wapp King | Ex-Brit | https://t.co/04RRExvxXj (he/him) 🇺🇸 A mostly unserious person.
May 12 12 tweets 5 min read
10 Burp extensions I actually use... BUT none of them are in the top 30 most popular in the BApp Store!

I get tired of seeing the same extensions come up in "top 10" lists. Here are some hidden gems you might not have tried... yet. In no particular order.

🧵👇

Authentication Token Obtain and Replace (ATOR)

Session expiration is the bane of automation. If a session token expires mid-scan, you're left with incomplete results. ATOR detects expired tokens, re-authenticates, and updates requests with the fresh token. Perfect for non-cookie session tokens!
May 11 10 tweets 4 min read
I often get asked what tools I use for web app pentesting, and people are surprised when I say it's 99% Burp Suite Pro. Here's why...

🧵👇

It's called a "Suite" for a reason. It has a lot of features baked in: interception, scanning, fuzzing, analysis, plus extensions that make most external tools redundant.
Aug 5, 2023 5 tweets 3 min read
OK, I have no idea how long this series of tweets will be, but I've heard from several people associated or previously associated with NCC. While I've verified the association, bear in mind that a lot of this is from single sources.

To start with, here's some backstory on the… twitter.com/i/web/status/1…

Since February, NCC NA has tried to diversify its customer base more and has slashed its day rates to remain competitive. NCC Group also started an initiative to create a new center in Manila, where they can offshore cheap scan work.

One source alleged that the team sent to help… twitter.com/i/web/status/1…