### MindMap Exporter: OWASP Testing Guide Documentation Aid Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension aids in documenting specific OWASP Testing Guide V4 tests, including mapping execution paths through applications (OTG-INFO-007) and identifying application entry points (OTG-INFO-006). It helps structure and visualize assessment findings. ```APIDOC MindMapExporter: description: "Aids with documentation of OWASP Testing Guide V4 tests." functionality: "Helps map execution paths (OTG-INFO-007) and identify entry points (OTG-INFO-006)." usage_context: "Post-assessment documentation, reporting." output_format: "Exportable mind map format." ``` -------------------------------- ### Burp Extension: Burp Wicket Handler Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Used as part of Burp's Session Handling, this extension allows recording a macro that simply gets the page you want to submit. It assists in managing sessions for applications built with Apache Wicket. ```APIDOC Burp Wicket Handler: Description: Used as part of Burps Session Handling, Record a Macro which just gets the page you want to submit. ``` -------------------------------- ### Burp Extension: Proxy Auto Config Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Proxy Auto Config automatically adjusts Burp's upstream proxy settings to match the desktop's proxy configuration. This ensures seamless integration with existing network setups, reducing manual configuration. ```APIDOC Extension Name: Proxy Auto Config Functionality: Automatically configures Burp's upstream proxies to match desktop proxy settings. Link: https://portswigger.net/bappstore/7b3eae07aa724196ab85a8b64cd095d1 ``` -------------------------------- ### JCryption Handler for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension facilitates manual and automatic security assessments for web applications utilizing the JCryption JavaScript library for encrypting data sent via HTTP GET and POST methods. ```APIDOC JCryption Handler: Purpose: Aids in security assessment of web applications using JCryption JavaScript library for data encryption. Functionality: Supports manual and automatic assessment. Platform: Burp Suite Extension. ``` -------------------------------- ### GAP Burp Extension for Endpoint and Parameter Discovery Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md GAP (Get All Parameters, Links, and Words) is a Burp Suite extension that assists in identifying potential endpoints and parameters. It also generates a custom target wordlist to aid in security testing. ```APIDOC GAP (Get All Parameters, Links, and Words): Purpose: Helps find potential endpoints, parameters, and generate custom wordlists. Integration: Burp Suite extension. ``` -------------------------------- ### GAP-Burp-Extension: Enhanced Parameter and Link Discovery Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on. ```APIDOC GAPBurpExtension: description: "Evolution of getAllParams extension, finding more parameters and links." functionality: "Enhanced parameter discovery, identification of links for parameter testing." usage_context: "Active testing, reconnaissance." output_format: "Discovered parameters and associated links." ``` -------------------------------- ### Protobuf Decoder for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md A straightforward Google Protobuf Decoder extension for Burp Suite. ```APIDOC Protobuf Decoder: Purpose: Decodes Google Protobuf data. Platform: Burp Suite Extension. ``` -------------------------------- ### Burp Extension: Quicker Context Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension introduces the 'Quicker Context' dialog, a lightweight interface for selecting tabs or executing application and context-menu entries. Users can easily navigate by typing parts of names or choosing from history, boosting productivity. ```APIDOC Extension Name: Burp-Quicker-Context-Extension Functionality: Provides a 'Quicker Context' dialog for easier tab selection and menu entry execution. Link: https://github.com/bytebutcher/burp-quicker-context ``` -------------------------------- ### Connect Burp with HP WebInspect Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This is a binary-only repository for the HP WebInspect Connector, authored by HP, facilitating integration between Burp Suite and HP WebInspect. ```APIDOC WebInspect Connector: Purpose: Facilitates integration between Burp Suite and HP WebInspect. Details: Binary-only repository, authored by HP. ``` -------------------------------- ### Import Contrast Teamserver Endpoints to Burp Sitemap Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Burptrast is designed to pull endpoint information from Teamserver and import it into Burp's sitemap, facilitating the analysis of application attack surfaces. ```APIDOC Burptrast: Purpose: Designed to pull endpoint information from Teamserver and import it into Burp's sitemap. Functionality: Facilitates analysis of application attack surfaces. ``` -------------------------------- ### Levo Burp Extension: OpenAPI Spec Generation and PII Detection Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Build OpenApi specs from Burp's traffic using Levo.ai. Also detect and classify the PII, and annotate specs with the PII details. ```APIDOC LevoBurpExtension: description: "Builds OpenAPI specifications from Burp traffic and detects/classifies PII." functionality: "OpenAPI spec generation, PII detection and annotation." usage_context: "Traffic analysis, API documentation, privacy compliance." output_format: "OpenAPI specifications, PII details." ``` -------------------------------- ### Directory Importer: Import Directory Bruteforcing Results Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This Burp Suite plugin facilitates importing directory bruteforcing results into Burp for further analysis. It streamlines the process of integrating external scan findings into the Burp workflow. ```APIDOC DirectoryImporter: description: "Burpsuite plugin for importing directory bruteforcing results into Burp." functionality: "Integration of external directory bruteforcing results." usage_context: "Post-bruteforcing analysis." output_format: "Imported results within Burp's site map." ``` -------------------------------- ### Fast Infoset Tester for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension converts incoming Fast Infoset requests and responses to XML, and converts outgoing messages back to Fast Infoset format. ```APIDOC Fast Infoset Tester: Purpose: Converts Fast Infoset to XML and XML to Fast Infoset. Supported Operations: Incoming Fast Infoset to XML, outgoing XML to Fast Infoset. Platform: Burp Suite Extension. ``` -------------------------------- ### ASN.1 Toolbox for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Provides tools for working with ASN.1 data formats within Burp Suite. ```APIDOC Burp ASN1 Toolbox: Purpose: Provides tools for working with ASN.1 data. Platform: Burp Suite Extension. ``` -------------------------------- ### Burp Smart Buster: Content Discovery Plugin Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This Burp Suite extension enhances content discovery by intelligently identifying hidden files and directories. It aims to improve the effectiveness of traditional directory busting techniques. ```APIDOC BurpSmartBuster: description: "A Burp Suite content discovery plugin that adds intelligence to directory busting." functionality: "Enhanced content discovery, smart directory enumeration." usage_context: "Active scanning, content analysis." output_format: "Discovered files and directories within Burp." ``` -------------------------------- ### Import Wstalker CSV or ZAP Export to Burp Sitemap Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Import To Sitemap is a Burp Suite Extension designed to import wstalker CSV files or ZAP export files into the Burp Sitemap, facilitating consolidation of reconnaissance data. ```APIDOC Import To Sitemap: Purpose: Burp Suite Extension to import wstalker CSV file or ZAP export file into Burp Sitemap. Functionality: Consolidates reconnaissance data. ``` -------------------------------- ### Xkeys: Extract Interesting Strings from Webpages Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Xkeys is a Burp Suite Extension that extracts interesting strings such as keys, secrets, or tokens from a webpage. It lists these findings as information issues, aiding in the discovery of sensitive hardcoded values. ```APIDOC Xkeys: description: "A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage." functionality: "Extraction of sensitive strings from web content." usage_context: "Passive scanning." output_format: "Information issues within Burp." ``` -------------------------------- ### Browser Repeater for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md An extension for Burp Suite's Repeater tool that enables rendering HTTP responses in a real browser environment. ```APIDOC Browser Repeater: Purpose: Renders HTTP responses from Burp Repeater in a real browser. Platform: Burp Suite Extension. ``` -------------------------------- ### Integrate Burp with ThreadFix Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension provides an interface between Burp and ThreadFix, a vulnerability aggregation and management platform. ```APIDOC ThreadFix: Purpose: Provides an interface between Burp and ThreadFix. Integration: Burp Suite -> ThreadFix (vulnerability aggregation and management platform). ``` -------------------------------- ### EsPReSSO BurpSuite Extension Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md An extension for BurpSuite that highlights SSO messages in Burp's proxy window. ```APIDOC EsPReSSO: Description: An extension for BurpSuite that highlights SSO messages in Burp's proxy window. ``` -------------------------------- ### Burp Extension: Burplay/Multi Session Replay for Privilege Escalation Testing Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Burplay is a Burp Extension that allows for replaying any number of requests using the same modification definitions. Its primary purpose is to aid in searching for Privilege Escalation issues by facilitating multi-session replay. ```APIDOC Burplay/Multi Session Replay: Type: Burp Extension Purpose: Allows replaying requests with same modifications for Privilege Escalation issues. ``` -------------------------------- ### Integrate Burp with Faraday Penetration-Test Environment Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension integrates Burp with the Faraday Integrated Penetration-Test Environment, allowing for consolidated reporting and management of penetration testing activities. ```APIDOC Faraday: Purpose: Integrates Burp with the Faraday Integrated Penetration-Test Environment. Integration: Burp Suite -> Faraday. ``` -------------------------------- ### Burp OAuth Plugin Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md OAuth plugin for Burp Suite Extender. ```APIDOC Burp OAuth: Description: OAuth plugin for Burp Suite Extender. ``` -------------------------------- ### NTLM Challenge Decoder for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension decodes NTLM SSP headers within Burp Suite. ```APIDOC NTLM Challenge Decoder: Purpose: Decodes NTLM SSP headers. Platform: Burp Suite Extension. ``` -------------------------------- ### GQL Parser for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md A Burp Suite extension for parsing GraphQL queries and responses. ```APIDOC GQL Parser: Purpose: Parses GraphQL data. Platform: Burp Suite Extension. ``` -------------------------------- ### Upload Burp Scan Reports to Code Dx Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension uploads scan reports directly to CodeDx, a software vulnerability correlation and management system, centralizing vulnerability data. ```APIDOC Code Dx: Purpose: Uploads Burp scan reports directly to CodeDx. Integration: Burp Suite scan reports -> CodeDx (software vulnerability correlation and management system). ``` -------------------------------- ### Access YesWeHack Bug Bounty Programs in Burp Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md YesWeBurp is an extension for BurpSuite allowing users to access all their https://yeswehack.com/ bug bounty programs directly inside Burp, streamlining bug bounty workflows. ```APIDOC YesWeBurp: Purpose: Allows access to https://yeswehack.com/ bug bounty programs directly inside BurpSuite. Functionality: Streamlines bug bounty workflows. ``` -------------------------------- ### SAMLReQuest Burp Suite Extension Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Enables you to view, decode, and modify SAML requests and responses. ```APIDOC SAMLReQuest: Description: Enables viewing, decoding, and modifying SAML requests and responses. ``` -------------------------------- ### Generate Nuclei Templates from Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md A BurpSuite plugin intended to help with nuclei template generation, streamlining the creation of custom vulnerability scanning templates. ```APIDOC Nuclei Template Generator Burp Plugin: Purpose: BurpSuite plugin to help with nuclei template generation. Functionality: Streamlines creation of custom vulnerability scanning templates. ``` -------------------------------- ### Burp Extension: burp-xss-sql-plugin for XSS, OpenRedirects, SQLi Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This Burp plugin has been widely used to identify various web vulnerabilities, including Cross-Site Scripting (XSS), Open Redirects, and SQL Injection. It has a proven track record in bug bounty findings. ```APIDOC burp-xss-sql-plugin: Type: Burp Plugin Purpose: Helps find bug bounty-worthy XSSes, OpenRedirects, and SQLi. ``` -------------------------------- ### SpyDir: Automated Forced Browsing/Endpoint Enumeration Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md SpyDir is a Burp Suite extension designed to assist with automated forced browsing and endpoint enumeration. It helps discover hidden or unlinked application endpoints. ```APIDOC SpyDir: description: "BurpSuite extension to assist with Automated Forced Browsing/Endpoint Enumeration." functionality: "Automated forced browsing, endpoint enumeration." usage_context: "Active scanning, reconnaissance." output_format: "Discovered endpoints and directories." ``` -------------------------------- ### JSON JTree Viewer for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md A Burp Suite extension that provides a JTree viewer for JSON data. ```APIDOC JSON JTree viewer: Purpose: Displays JSON data in a JTree format. Platform: Burp Suite Extension. ``` -------------------------------- ### Headers Burp Extension: Security Header Reporting Aid Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md It removes the hassle of reporting missing security headers in your pentest reports. ```APIDOC HeadersBurpExtension: description: "Removes the hassle of reporting missing security headers in pentest reports." functionality: "Automated identification and reporting of security header configurations." usage_context: "Post-scan analysis, reporting." output_format: "Security header status for reporting." ``` -------------------------------- ### GWT Wrapper for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md A Burp Suite extension that provides a wrapper for Google Web Toolkit (GWT) applications. ```APIDOC Burp Suite GWT wrapper: Purpose: Provides a wrapper for Google Web Toolkit (GWT). Platform: Burp Suite Extension. ``` -------------------------------- ### Burp Extension: Batch Scan Report Generator Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension simplifies the generation of multiple scan reports within Burp Suite. Users can create reports grouped by host with just a few clicks, significantly enhancing reporting efficiency. ```APIDOC Extension Name: Batch Scan Report Generator Functionality: Generates multiple scan reports by host with ease. Link: https://portswigger.net/bappstore/bc4ad87282e64fc4b35e9b9b05bac1dd ``` -------------------------------- ### Burp Extension: Proxy Action Rules Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension provides automated rules for proxy requests, allowing them to be forwarded, intercepted, or dropped. It also centralizes list management and actively displays proxy log information for better control. ```APIDOC Extension Name: Proxy Action Rules Functionality: Automatically forwards, intercepts, and drops proxy requests; displays log info and centralizes list management. Link: https://github.com/jamesm0rr1s/BurpSuite-Active-AutoProxy ``` -------------------------------- ### Import Pcap Files to Burp Site Map Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension enables Pcap and Pcap-NG files to be imported into the Burp Target site map, and passively scanned, allowing analysis of network traffic within Burp. ```APIDOC Pcap Importer: Purpose: Enables Pcap and Pcap-NG files to be imported into the Burp Target site map and passively scanned. Functionality: Allows analysis of network traffic within Burp. ``` -------------------------------- ### Burp Plugin for Bug Bounty Reconnaissance Framework Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension integrates Burp Suite with the Bug Bounty Reconnaissance Framework (BBRF), enhancing reconnaissance capabilities for bug bounty hunters. ```APIDOC bbrf-burp-plugin: Purpose: Extension for Bug Bounty Reconnaissance Framework (BBRF). Integration: Burp Suite -> BBRF. ``` -------------------------------- ### Dirbuster Plugin for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This is a Dirbuster plugin specifically designed for Burp Suite, extending its directory brute-forcing capabilities. ```APIDOC Burp Dirbuster: Purpose: Dirbuster plugin for Burp Suite. Functionality: Extends directory brute-forcing capabilities within Burp. ``` -------------------------------- ### Burp Extension: Share Requests Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This Burp Suite extension allows users to generate shareable links to specific requests. Other Burp Suite users can then import these links, facilitating collaborative analysis and sharing of findings. ```APIDOC Extension Name: Burp Share Requests Functionality: Generates shareable links for specific Burp Suite requests for collaborative import. Link: https://github.com/Static-Flow/BurpSuiteShareRequests ``` -------------------------------- ### Burp Extension: XSS Cheatsheet for PortSwigger's XSS Cheat Sheet Integration Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension integrates PortSwigger's comprehensive Cross-site scripting cheat sheet directly into Burp Suite. It provides quick access to various XSS payloads and techniques during testing. ```APIDOC XSS Cheatsheet: Type: Burp Extension Purpose: Incorporates PortSwigger's Cross-site scripting cheat sheet into Burp. ``` -------------------------------- ### PeopleSoft Token Extractor Burp Extension Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension help test PeopleSoft SSO tokens. ```APIDOC PeopleSoft Token Extractor: Description: Helps test PeopleSoft SSO tokens. ``` -------------------------------- ### Parse Nessus Scans and Update Burp Site Map Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension parses a Nessus scan XML file to detect web servers. Any web servers discovered are added to the site map, aiding in consolidating scan results. ```APIDOC Nessus Loader: Purpose: Parses a Nessus scan XML file to detect web servers. Functionality: Adds discovered web servers to the Burp site map. ``` -------------------------------- ### BeanStack - Stack-trace Fingerprinter: Java Stack-trace Fingerprinting Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md BeanStack performs Java fingerprinting using stack traces. Users should note that this extension sends potentially private stack traces to a third party for processing, which is a privacy consideration. ```APIDOC BeanStack: description: "Java Fingerprinting using Stack Traces." functionality: "Identifies Java technologies based on stack traces." usage_context: "Passive analysis of error responses." output_format: "Fingerprinting results." notes: "Sends potentially private stack-traces to a third party for processing." ``` -------------------------------- ### Collaborate and Store Burp Data via Git Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension enables Burp users to store Burp data and collaborate via Git. Users can right-click supported items in Burp to send them to a Git repository and use the Git Bridge tab to send items back to the originating Burp tools, facilitating team-based security testing. ```APIDOC Git Bridge: Purpose: Allows Burp users to store Burp data and collaborate via Git. Features: Right-click to send items to Git repo; Git Bridge tab to send items back to Burp tools. ``` -------------------------------- ### Secret Finder: API Key and Sensitive Data Discovery Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md A Burp Suite extension designed to help pentesters discover API keys, access tokens, and other sensitive data using regular expressions. It automates the identification of hardcoded secrets within application responses. ```APIDOC SecretFinder: description: "A Burp Suite extension to help pentesters discover API keys, access tokens, and more sensitive data." functionality: "Discovery of sensitive data via regular expressions." usage_context: "Passive scanning of HTTP responses." output_format: "Information issues within Burp." ``` -------------------------------- ### Burp Extension: HTTP Mock Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This Burp extension provides mock responses that can be customized based on real ones. It is useful for testing scenarios where specific server responses are needed without actual server interaction. ```APIDOC Extension Name: HTTP Mock Functionality: Provides customizable mock HTTP responses based on real traffic. Link: https://portswigger.net/bappstore/42680f96fc214513bc5211b3f25fd98b ``` -------------------------------- ### Burp Extension: Turbo Data Miner Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension adds a 'Turbo Miner' tab and context menu entry to Burp Suite. It allows users to write or select Python scripts to execute on request/response items from Proxy History, Site Map, or on live traffic, enabling powerful data processing. ```APIDOC Extension Name: Turbo Data Miner Functionality: Adds a 'Turbo Miner' tab for executing Python scripts on request/response items from history or live traffic. Link: https://github.com/chopicalqui/TurboDataMiner ``` -------------------------------- ### Integrate Burp Scanner Findings with ElasticSearch Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension passes along issues discovered by Burp to either stdout or an ElasticSearch database, enabling centralized logging and analysis of security findings. ```APIDOC Report To Elastic Search: Purpose: Passes issues discovered by Burp Scanner to stdout or an ElasticSearch database. Integration: Burp Suite Scanner -> stdout / ElasticSearch. ``` -------------------------------- ### SSL Scanner: SSL Vulnerability Identification Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension enables Burp Suite to scan for SSL vulnerabilities. It helps identify misconfigurations or weaknesses in the SSL/TLS implementation of web applications. ```APIDOC SSLScanner: description: "Enables Burp to scan for SSL vulnerabilities." functionality: "Identification of SSL/TLS misconfigurations and weaknesses." usage_context: "Active scanning, vulnerability assessment." output_format: "Scanner issues." ``` -------------------------------- ### JSON Beautifier (Java) for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md A JSON beautifier extension for Burp Suite, implemented in Java. ```APIDOC JSON Beautifier: Purpose: Beautifies JSON data. Language: Java. Platform: Burp Suite Extension. ``` -------------------------------- ### Burp Extension: Authentication Token Obtain and Replace (ATOR) Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This plugin is created to help automated scanning using Burp in certain session management scenarios. It assists in obtaining and replacing authentication tokens dynamically. ```APIDOC Authentication Token Obtain and Replace (ATOR): Description: The plugin is created to help automated scanning using Burp in certain session management scenarios. ``` -------------------------------- ### Interesting Files Scanner: Active Scan for Sensitive Files Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Interesting Files Scanner extends Burp Suite's active scanner to identify interesting files and directories. A key feature is its ability to check for false positives using tested patterns for each case, improving scan accuracy. ```APIDOC InterestingFilesScanner: description: "Extends Burp Suite's active scanner for interesting files and directories." functionality: "Active scanning for sensitive files/directories, false positive checking." usage_context: "Active scanning." output_format: "Scanner issues." ``` -------------------------------- ### Burp Extension: Copy as FFUF Command Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This Burp Suite extension generates FFUF commands from requests. It simplifies the process of transferring requests from Burp to the FFUF tool for fuzzing and brute-forcing, streamlining workflows. ```APIDOC Extension Name: Copy as FFUF Command Functionality: Generates FFUF commands from Burp Suite requests. Link: https://github.com/phlmox/burp_copy_as_ffuf_command ``` -------------------------------- ### GraphQL Beautifier for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md A Burp Suite extension designed to enhance the readability of GraphQL requests. ```APIDOC GraphQL Beautifier: Purpose: Improves readability of GraphQL requests. Platform: Burp Suite Extension. ``` -------------------------------- ### SAML Encoder/Decoder Burp Extension Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension adds a new tab to Burp's main UI, allowing encoding and decoding of SAML (Security Assertion Markup Language) formatted messages. ```APIDOC SAML Encoder/Decoder: Description: Adds a new tab to Burp's main UI for encoding and decoding SAML (Security Assertion Markup Language) formatted messages. ``` -------------------------------- ### Burp Hash: Parameter Hashing Analysis Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension assists in analyzing applications that hash parameters, such as ID numbers and email addresses, for use in secure tokens like session cookies. It helps identify patterns and potential vulnerabilities related to these hashed values. ```APIDOC BurpHash: description: "Analyzes applications that hash parameters for use in secure tokens." functionality: "Identification of hashed parameters (e.g., IDs, emails) in secure tokens." usage_context: "Analysis of application behavior, session management." output_format: "Insights into hashed parameter usage." ``` -------------------------------- ### Parse Nmap Output and Update Burp Scope Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension provides a GUI interface for parsing Nmap output files, and automatically adding common web application ports to Burp's target scope, streamlining reconnaissance. ```APIDOC NMAP Parser: Purpose: Provides a GUI interface for parsing Nmap output files and adding common web application ports to Burp's target scope. Integration: Nmap output files -> Burp Suite Target scope. ``` -------------------------------- ### ExifTool Scanner: File Metadata Extraction with ExifTool Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This Burp extension reads metadata from various filetypes (JPEG, PNG, PDF, DOC, XLS, and more) using ExifTool. Results are presented as Passive scan issues and Message editor tabs, providing detailed insights into file origins and properties. ```APIDOC ExifToolScanner: description: "Reads metadata from various filetypes (JPEG, PNG, PDF, DOC, XLS, etc.) using ExifTool." functionality: "Metadata extraction, detailed insights into file origins and properties." usage_context: "Passive scanning." output_format: "Passive scan issues and Message editor tabs." ``` -------------------------------- ### .NET Beautifier for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md A BurpSuite extension designed to beautify .NET message parameters and reduce clutter, specifically addressing elements like __VIEWSTATE in .NET web applications. ```APIDOC .NET Beautifier: Purpose: Beautifies .NET message parameters and hides clutter (e.g., __VIEWSTATE). Platform: Burp Suite Extension. ``` -------------------------------- ### Push Burp Scans to Nucleus Platform Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension allows Burp Suite scans to be pushed to the Nucleus platform, a vulnerability management and risk-based security platform. ```APIDOC Nucleus Burp Extension: Purpose: Allows Burp Suite scans to be pushed to the Nucleus platform. Integration: Burp Suite scans -> Nucleus platform (vulnerability management). ``` -------------------------------- ### Burp JS Miner: Static File Analysis for Interesting Data Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This tool attempts to find interesting information within static files, primarily JavaScript and JSON files. It helps uncover hidden endpoints, sensitive data, or configuration details embedded in client-side resources. ```APIDOC BurpJSMiner: description: "Finds interesting stuff inside static files; mainly JavaScript and JSON files." functionality: "Discovery of hidden endpoints, sensitive data, configuration details." usage_context: "Passive scanning, static file analysis." output_format: "Information within Burp." ``` -------------------------------- ### Image Metadata: Image File Metadata Extraction Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension extracts metadata present in image files. While rarely critical, the information found can be useful for general reconnaissance, including usernames who created the files, local paths, and technologies used. ```APIDOC ImageMetadata: description: "Extracts metadata present in image files." functionality: "Reconnaissance, identification of usernames, local paths, technologies from image metadata." usage_context: "Passive scanning." output_format: "Information within Burp." ``` -------------------------------- ### WebSphere Portlet State Decoder for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension displays the decoded XML state of a WebSphere Portlet in a new tab within Burp Suite's request viewer. ```APIDOC WebSphere Portlet State Decoder: Purpose: Decodes and displays the XML state of WebSphere Portlets in a new tab. Platform: Burp Suite Extension. ``` -------------------------------- ### Burp Extension: TokenJar Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension provides a way of managing various types of tokens, such as anti-CSRF, CSurf, and Session IDs. It streamlines the handling of dynamic tokens during security assessments. ```APIDOC TokenJar: Description: This extension provides a way of managing tokens like anti-CSRF, CSurf, Session IDs. ``` -------------------------------- ### Enable Collaborative Burp Usage via XMPP/Jabber Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension enables collaborative usage of Burp using XMPP/Jabber. Users can send items between Burp instances by connecting over a chat session, facilitating team-based security assessments. ```APIDOC Burp Chat: Purpose: Enables collaborative usage of Burp using XMPP/Jabber. Functionality: Send items between Burp instances over a chat session. ``` -------------------------------- ### JSWS Parser for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension parses responses containing JavaScript Web Service Proxies (JSWS) and generates corresponding JSON requests for all supported methods. ```APIDOC JSWS Parser: Purpose: Parses JavaScript Web Service Proxy (JSWS) responses. Output: Generates JSON requests for supported methods. Platform: Burp Suite Extension. ``` -------------------------------- ### OAuthv1 - Signing Burp Extension Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md The purpose of this extension is to provide an additional authentication method that is not natively supported by Burp Suite. Currently, this tool only supports OAuth v1. ```APIDOC OAuthv1 - Signing: Description: Provides an additional authentication method not natively supported by Burp Suite. Supported Version: OAuth v1. ``` -------------------------------- ### Burp Extension: BugPoC Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md The BugPoC Burp Suite Extension facilitates sending raw HTTP Requests directly to BugPoC.com. This streamlines the process of creating and validating Proof-of-Concepts for vulnerabilities. ```APIDOC Extension Name: BugPoC Functionality: Sends raw HTTP Requests from Burp Suite to BugPoC.com. Link: https://github.com/bugpoc-ryan/BugPoC-Burp-Extension ``` -------------------------------- ### Burp Extension: Command Injection Attacker Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension serves as a comprehensive OS command injection payload generator. It assists in crafting and testing various payloads to identify and exploit command injection vulnerabilities. ```APIDOC Command Injection Attacker: Description: A comprehensive OS command injection payload generator. ``` -------------------------------- ### HTTP Methods Discloser: Discover Allowed HTTP Methods Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension makes an OPTIONS request to determine if HTTP methods other than the original request are available for a given endpoint. It helps identify potentially exposed or unintended HTTP methods. ```APIDOC HTTPMethodsDiscloser: description: "Determines if other HTTP methods than the original request are available." functionality: "Discovery of allowed HTTP methods via OPTIONS requests." usage_context: "Active testing, endpoint analysis." output_format: "Information within Burp." ``` -------------------------------- ### Integrate Burp with Peach API Security Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This Burp plugin provides integration between Burp and Peach API Security, enhancing API vulnerability testing capabilities. ```APIDOC Peach API Integration: Purpose: Provides integration between Burp and Peach API Security. Functionality: Enhances API vulnerability testing capabilities. ``` -------------------------------- ### PDF Viewer for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension adds a tab to Burp Suite's HTTP message viewer, allowing it to render PDF files found in responses. ```APIDOC PDF Viewer: Purpose: Renders PDF files directly within Burp Suite's HTTP message viewer. Platform: Burp Suite Extension. ``` -------------------------------- ### Burp Extension: Team Extension Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This Burp Suite plugin enables real-time sharing of proxy history among multiple web application testers. It fosters collaboration and streamlines team-based security assessments, improving efficiency. ```APIDOC Extension Name: BurpSuite-Team-Extension Functionality: Allows multiple web app testers to share proxy history in real-time. Link: https://github.com/Static-Flow/BurpSuite-Team-Extension ``` -------------------------------- ### Burp Extension: AdminPanelFinder for Admin Interface Enumeration Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md AdminPanelFinder is a Burp Suite extension that enumerates infrastructure and application Admin Interfaces, aligning with OWASP OTG-CONFIG-005. It helps identify hidden or exposed administrative panels. ```APIDOC AdminPanelFinder: Type: Burp Suite Extension Purpose: Enumerates infrastructure and application Admin Interfaces (OWASP OTG-CONFIG-005). ``` -------------------------------- ### JS Beautifier for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md A Burp Suite extension for beautifying JavaScript code. ```APIDOC JS Beautifier: Purpose: Beautifies JavaScript code. Platform: Burp Suite Extension. ``` -------------------------------- ### Burp Extension: ExtendedMacro Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension provides a similar but extended version of the standard Burp Suite macro feature. It offers enhanced capabilities for automating complex sequences of requests, which is useful for session handling and authenticated scanning. ```APIDOC ExtendedMacro: Description: This extension provides a similar but extended version of the Burp Suite macro feature. ``` -------------------------------- ### Integrate Burp with GAT Digital Security Platform Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This Burp Extension provides integration with the GAT Digital security platform, enabling seamless data exchange and workflow automation. ```APIDOC GAT Security Platform Integration: Purpose: Burp Extension for integration with GAT Digital security platform. Functionality: Enables seamless data exchange and workflow automation. ``` -------------------------------- ### Burp Extension: Burp SessionAuth for Privilege Escalation Support Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Burp SessionAuth is a Burp plugin that supports the discovery of privilege escalation vulnerabilities. It assists in analyzing session management and authorization mechanisms to identify potential bypasses. ```APIDOC Burp SessionAuth: Type: Burp Plugin Purpose: Supports finding privilege escalation vulnerabilities. ``` -------------------------------- ### Burp Extension: Paste cURL Command Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This Burp Suite extension allows users to paste cURL commands directly into a new Repeater tab. The command is then parsed into a raw HTTP request, ready for immediate use in Repeater. ```APIDOC Extension Name: burp-suite-paste-curl Functionality: Parses pasted cURL commands into raw HTTP requests for Burp Repeater. Link: https://github.com/augustd/burp-suite-paste-curl ``` -------------------------------- ### Burp Extension: Carbonator Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Carbonator offers a command-line interface to automate Burp Suite's target scope configuration, spidering, and scanning processes. This streamlines repetitive security testing tasks, enhancing efficiency. ```APIDOC Extension Name: Carbonator Functionality: Automates target scope configuration, spidering, and scanning via a command-line interface. Link: https://portswigger.net/bappstore/e3a26fff8e1d401dade52f3a8d42d06b ``` -------------------------------- ### Burp Extension: Paramalyzer for Large-Scale Parameter Analysis Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Paramalyzer is a Burp extension tailored for parameter analysis during large-scale web application penetration tests. It helps in understanding the behavior and impact of various parameters across an application. ```APIDOC Paramalyzer: Type: Burp Extension Purpose: Parameter analysis of large-scale web application penetration tests. ``` -------------------------------- ### SAML Editor Burp Extension Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension adds a new tab to Burp's HTTP message editor, allowing encoding and decoding of SAML (Security Assertion Markup Language) formatted messages. ```APIDOC SAML Editor: Description: Adds a new tab to Burp's HTTP message editor for encoding and decoding SAML (Security Assertion Markup Language) formatted messages. ``` -------------------------------- ### Decoder Improved for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md An enhanced decoder extension for Burp Suite, offering improved decoding capabilities. ```APIDOC Decoder Improved: Purpose: Provides improved decoding functionalities. Platform: Burp Suite Extension. ``` -------------------------------- ### Integrate Burp with Dradis Framework Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension integrates Burp with the Dradis Framework, a reporting and collaboration platform for security assessments. ```APIDOC Dradis Framework: Purpose: Integrates Burp with the Dradis Framework. Integration: Burp Suite -> Dradis Framework (reporting and collaboration platform). ``` -------------------------------- ### Burp Extension: Argument Injection Hammer Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This tool is used to identify argument injection vulnerabilities in applications, specifically targeting issues related to commands like *curl* or *awk*. It helps uncover ways to manipulate command arguments. ```APIDOC Argument Injection Hammer: Description: Used to identify argument injection vulnerabilities, like *curl* *awk* etc, and similar. ``` -------------------------------- ### JWT Editor Burp Suite Extension Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md A Burp Suite extension for creating and editing JSON Web Tokens. ```APIDOC JWT Editor: Description: A Burp Suite extension for creating and editing JSON Web Tokens. ``` -------------------------------- ### Burp Extension: WAFDetect Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension passively detects the presence of a web application firewall (WAF) from HTTP responses. It helps security testers understand the target's defense mechanisms. ```APIDOC WAFDetect: Description: This extension passively detects the presence of a web application firewall (WAF) from HTTP responses. ``` -------------------------------- ### OAUTHScan Burp Suite Extension Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md OAUTHScan is a Burp Suite Extension written in Java with the aim to provide some automatic security checks, which could be useful during penetration testing on applications implementing OAUTHv2 and OpenID standards. ```APIDOC OAUTHScan: Description: Burp Suite Extension (Java) providing automatic security checks for applications implementing OAUTHv2 and OpenID standards during penetration testing. ``` -------------------------------- ### Burp Extension: Reflected Parameters for Identifying Reflected Request Values Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension monitors HTTP traffic and identifies request parameter values that are reflected in the corresponding response. It specifically looks for parameters longer than 3 characters, aiding in the discovery of potential reflection-based vulnerabilities. ```APIDOC Reflected Parameters: Type: Burp Extension Purpose: Monitors traffic for request parameter values (longer than 3 characters) reflected in the response. ``` -------------------------------- ### Burp Extension: AuthMatrix for Authorization Testing Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md AuthMatrix is a Burp Suite extension that provides a straightforward method to test authorization in web applications and web services. It simplifies the process of identifying broken access control vulnerabilities. ```APIDOC AuthMatrix: Type: Burp Suite Extension Purpose: Provides a simple way to test authorization in web applications and web services. ``` -------------------------------- ### Integrate Semgrep Results with Burp Passive Scanner Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This Burp Suite extension allows users to include Semgrep results to extend the checks in use by the passive scanner, enhancing static analysis capabilities within Burp. ```APIDOC Semgrepper: Purpose: Burp Suite extension to include Semgrep results to extend checks in use by the passive scanner. Functionality: Enhances static analysis capabilities within Burp. ``` -------------------------------- ### PyCript Burp Suite Extension for Client-Side Encryption Bypass Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md PyCript is a Burp Suite extension that enables bypassing client-side encryption using custom logic, supporting both Python and NodeJS. It facilitates efficient testing of encryption methods and identification of vulnerabilities in the encryption process for manual and automated testing. ```APIDOC PyCript: Purpose: Bypasses client-side encryption using custom logic. Supported Languages: Python, NodeJS. Functionality: Enables efficient testing of encryption methods and vulnerability identification. Integration: Burp Suite extension. ``` -------------------------------- ### Deflate Decompression Plugin for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md The Deflate Burp Plugin is a Burp Proxy plug-in that decompresses HTTP response content compressed with ZLIB (RFC1950) and DEFLATE (RFC1951) formats. It implements the IBurpExtender interface. ```APIDOC Deflate Burp Plugin: Purpose: Decompresses HTTP response content. Supported Formats: ZLIB (RFC1950), DEFLATE (RFC1951). Interface: IBurpExtender. Platform: Burp Proxy Plugin. ``` -------------------------------- ### Burp Extension: Burp Customizer Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension enables the use of custom themes within Burp Suite. It includes a number of bundled themes, allowing users to personalize their Burp Suite interface for a better experience. ```APIDOC Extension Name: Burp Customizer Functionality: Allows users to apply custom themes to Burp Suite, including bundled options. Link: https://github.com/CoreyD97/BurpCustomizer ``` -------------------------------- ### Burp Extension: AutoRepeater for Automated HTTP Request Repeating Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md AutoRepeater automates HTTP request repeating within Burp Suite. This extension is useful for various tasks, including authorization testing, by automatically resending requests with defined modifications. ```APIDOC AutoRepeater: Type: Burp Suite Extension Purpose: Automated HTTP Request Repeating With Burp Suite. ``` -------------------------------- ### MessagePack Converter for Burp Suite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension provides functionality for decoding MessagePack requests and responses into JSON format, and converting requests from JSON format back to MessagePack. ```APIDOC MessagePack Converter: Purpose: Converts MessagePack to JSON and JSON to MessagePack. Supported Operations: Decoding MessagePack requests/responses to JSON, converting JSON requests to MessagePack. Platform: Burp Suite Extension. ``` -------------------------------- ### JWT Re-auth Burp Plugin Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Burp plugin to cache authentication tokens from an "auth" URL, and then add them as headers on all requests going to a certain scope. ```APIDOC JWT Re-auth: Description: Burp plugin to cache authentication tokens from an "auth" URL and add them as headers on requests within a certain scope. ``` -------------------------------- ### Burp Extension: Curlit Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Curlit is a Python plugin for Burp Suite that transforms captured requests into curl commands. This facilitates easy replication and testing of requests outside of Burp, enhancing flexibility. ```APIDOC Extension Name: Curlit Functionality: Converts Burp Suite requests into curl commands. Link: https://github.com/faffi/curlit/tree/b5cf116d4716376e36cb0e522bdfe90915a7a961 ``` -------------------------------- ### Burp Extension: BearerAuthToken Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This Burp Suite extender provides a solution for testing enterprise applications that involve security authorization tokens in every HTTP request. It automates the handling of Bearer tokens for authenticated scanning. ```APIDOC BearerAuthToken: Description: This burpsuite extender provides a solution on testing Enterprise applications that involve security Authorization tokens into every HTTP requests. ``` -------------------------------- ### Burp Extension: Session Auth Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension can be used to identify authentication privilege escalation vulnerabilities. It helps in testing whether a user can gain unauthorized access or elevated privileges by manipulating session-related parameters. ```APIDOC Session Auth: Description: This extension can be used to identify authentication privilege escalation vulnerabilities. ``` -------------------------------- ### Burp Extension: Session-Handler-Plus Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md The Session Handler Plus (SH+) Burp Suite extension offers enhanced session handling capabilities for JWTs, access tokens, refresh tokens, and CSRF tokens. Additionally, it allows for custom scripts to be launched through session handling actions, and facilitates the triggering of Selenium automation to execute complex or JavaScript based login procedures. ```APIDOC Session-Handler-Plus: Description: The Session Handler Plus (SH+) Burp Suite extension offers enhanced session handling capabilities for JWTs, access tokens, refresh tokens, and CSRF tokens. Additionally, it allows for custom scripts to be launched through session handling actions, and facilitates the triggering of Selenium automation to execute complex or JavaScript based login procedures. ``` -------------------------------- ### AES Killer Burp Plugin for On-the-Fly AES Decryption Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md AES Killer is a Burp plugin designed to decrypt AES encrypted traffic from mobile applications on the fly. It provides real-time decryption capabilities for security analysis. ```APIDOC AES Killer: Purpose: Decrypts AES Encrypted traffic of mobile apps on the fly. Integration: Burp plugin. ``` -------------------------------- ### JSON Web Tokens Burp Extension Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension lets you decode and manipulate JSON web tokens on the fly, check their validity and automate common attacks against them. ```APIDOC JSON Web Tokens: Description: Decodes and manipulates JSON web tokens on the fly, checks validity, and automates common attacks against them. ``` -------------------------------- ### Burp Extension: Auto Repeater for Automated Request Repeating with Diffing Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension automatically repeats requests, incorporating replacement rules and response diffing. It offers a general-purpose solution for streamlining authorization testing within web applications by highlighting changes in responses. ```APIDOC Auto Repeater: Type: Burp Extension Purpose: Automatically repeats requests with replacement rules and response diffing, streamlining authorization testing. ``` -------------------------------- ### Burp Extension: tplmap Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This Burp extension integrates with Tplmap, a tool for Server-Side Template Injection and Code Injection Detection and Exploitation. It facilitates the discovery and exploitation of template and code injection flaws. ```APIDOC tplmap Burp Extenson: Description: Burp extension for Tplmap, a Server-Side Template Injection and Code Injection Detection and Exploitation Tool. ``` -------------------------------- ### ParaForge Burp Extension for Parameter and Endpoint Extraction Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md ParaForge is a simple Burp Suite extension designed to extract parameters and endpoints from requests. It facilitates the creation of custom wordlists for effective fuzzing and enumeration during security assessments. ```APIDOC ParaForge: Purpose: Extracts parameters and endpoints from requests. Functionality: Creates custom wordlists for fuzzing and enumeration. Integration: Burp Suite extension. ``` -------------------------------- ### Post Burp Scanner Issues to External Web Service Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md This extension can be used to post details of discovered Scanner issues to an external web service, enabling custom integrations with ticketing systems or other platforms. ```APIDOC Issue Poster: Purpose: Posts details of discovered Burp Scanner issues to an external web service. Usage: Enables custom integrations with external platforms. ``` -------------------------------- ### Burp Extension: Auth Analyzer for Authorization Bug Detection Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Auth Analyzer is a Burp Extension that assists in finding authorization bugs. It achieves this by repeating Proxy requests with self-defined headers and tokens, allowing for comprehensive testing of access controls. ```APIDOC Auth Analyzer: Type: Burp Extension Purpose: Helps find authorization bugs by repeating Proxy requests with self defined headers and tokens. ``` -------------------------------- ### Burp Extension: BlockerLite Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md BlockerLite is a simple Burp extension designed to drop requests to blacklisted hosts. It helps in filtering out unwanted traffic and focusing on relevant targets during security testing. ```APIDOC Extension Name: BlockerLite Functionality: Drops requests to blacklisted hosts within Burp Suite. Link: https://github.com/bomsi/BlockerLite ``` -------------------------------- ### Burp Extension: SourceMapper Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md SourceMapper is a Burp Suite extension that injects offline source maps for easier JavaScript debugging. This significantly improves the ability to analyze and debug obfuscated or minified JavaScript code. ```APIDOC Extension Name: SourceMapper Functionality: Injects offline source maps for easier JavaScript debugging in Burp Suite. Link: https://github.com/yg-ht/SourceMapper ``` -------------------------------- ### Burp Extension: Reflector for Real-time Reflected XSS Detection Source: https://github.com/snoopysecurity/awesome-burp-extensions/blob/master/README.md Reflector is a Burp plugin capable of finding reflected XSS vulnerabilities on a page in real-time. It operates while the user is browsing the site, providing immediate feedback on potential reflection points. ```APIDOC Reflector: Type: Burp Plugin Purpose: Finds reflected XSS on page in real-time while browsing. ```