Users can contribute extensions that aid in the discovery of vulnerabilities. Be aware of false positives and use your pentesting capabilities to ensure you fully explore the findings.

Param Miner
High-performance identification of unlinked parameters. Check for unlinked GET and Headers, and unlinked POST when applicable.

Backslash Powered Scanner
Gives alerts on interesting transformations of data or other interesting things. Often these will be false positives, but it allows the penetration tester to focus on potential vulnerabilities.

Software Vulnerability scanner
Checks software version numbers against vulnhub.com for vulnerabilities.

HTTP Request Smuggler
This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks.

Active scan++
Allows us to find more vulnerabilities in terms of suspicious input transformation, XML input handling, host header attacks and more.

Retire.js
Finds outdated JavaScript and links to the relevant CVEs for your investigations.

Authorization and Authentication

SAML-Raider
Useful to inspect SAML messages, edit and re-sign them.

JSON Web Tokens
Lets you decode and manipulate JSON web tokens on the fly, check their validity and automate common attacks.

Autorize
Detects whether scripts are accessible via different roles or unauthenticated in the web application.

Utilities

These extensions are helpful utilities for a variety of different situations and help bring the penetration tester to their full potential.

Logger++
Use this plugin to log and monitor your attacks from e.g. the scanner and more. Sort by status code and do an extra inspection on server 500 errors. When you have done your inspections, clear the logs.

Turbo Intruder
Python scriptable interface where one can achieve custom functionality and very high speeds of HTTP requests through HTTP pipelining.

Taborator
Quickly add and monitor Burp Collaborator interactions.

The REST API can be enabled in user options. It will by default be enabled on http://127.0.0.1:1337/. It supports interaction via web application too, not just the CLI. Below is a list of endpoints, given by their URL and the respective cURL command to use them.

The API can be especially useful when you need to send a consolidated list of URLs from a different tool to the scan engine, or perhaps use Burp Suite in headless mode.

To open Burp Suite in headless mode, run it with the following arguments:
java -jar -Xmx4g -Djava.awt.headless=true /path/to/burp.jar

Get a list of defined issues:
http://localhost:1337/knowledge_base/issue_definitions
curl -vgw "\n" -X GET 'http://127.0.0.1:1337/v0.1/knowledge_base/issue_definitions'

Scan a URL with the Active Scanner (vulnerability scanner):
http://localhost:1337/scan
curl -vgw "\n" -X POST 'http://127.0.0.1:1337/v0.1/scan' -d '{"urls":["http://target.tgt/scanTarget1","http://target.tgt/scanTarget2"]}'

Check the status and progress of a given scan:
http://localhost:1337/scan/task_id
curl -vgw "\n" -X GET 'http://127.0.0.1:1337/v0.1/scan/mytask_identifier'
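
For the REST API use case of sending a consolidated URL list from another tool to the scan engine, the following is an added example (not part of the original cheat sheet or of Burp Suite) that deduplicates the list, keeps only hosts on an engagement allow-list, and builds the same POST as the cURL command. The function names, the allow-list and the sample input are assumptions made for illustration.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Base URL and the /scan path are taken from the cheat sheet's cURL commands.
API_BASE = "http://127.0.0.1:1337/v0.1"

def consolidate(urls, allowed_hosts):
    """Deduplicate URLs (order kept) and split them into in-scope / rejected."""
    allowed = {h.lower() for h in allowed_hosts}
    seen, in_scope, rejected = set(), [], []
    for raw in urls:
        url = raw.strip()
        if not url or url in seen:
            continue
        seen.add(url)
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
        except ValueError:          # malformed URL, e.g. unbalanced brackets
            rejected.append(url)
            continue
        ok = parts.scheme in ("http", "https") and host in allowed
        (in_scope if ok else rejected).append(url)
    return in_scope, rejected

def build_scan_request(urls, api_base=API_BASE):
    """Build (but do not send) the POST that the cURL scan command issues."""
    if not urls:
        raise ValueError("no in-scope URLs to scan")
    body = json.dumps({"urls": urls}).encode()
    return urllib.request.Request(api_base + "/scan", data=body, method="POST")

def submit(request, timeout=10):
    """Send the request to a running Burp instance and return the HTTP status."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.status

# Constructed sample: another tool's output with a duplicate, a blank line,
# an out-of-scope host and a non-HTTP scheme.
SAMPLE = [
    "http://target.tgt/scanTarget1",
    "http://target.tgt/scanTarget2 ",
    "http://target.tgt/scanTarget1",
    "",
    "http://other.example/admin",
    "ftp://target.tgt/file",
]

if __name__ == "__main__":
    in_scope, rejected = consolidate(SAMPLE, ["target.tgt"])
    print("rejected (not sent):", rejected)
    print(build_scan_request(in_scope).data.decode())
```

Call `submit()` on the built request only when Burp is running with the REST API enabled; review the rejected list before widening the allow-list.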