Home

Awesome

Awesome Burp Extensions Awesome

A curated list of amazingly awesome Burp Extensions

Contributing

Please refer to the contributing guide for details.

How to Use

Awesome burp extensions is an amazing list for people who want to spice up their Burp instance with awesome plugins. The best ways to use are:

Content

Passive and Active scan plugins.

Custom Features

Extensions rel)ated to customizing Burp features and extend the functionality of Burp Suite in numerous ways.

Beautifiers and Decoders

Extensions related to beautifying and decoding data formats.

Cloud Security

Plugins related to assessing Cloud Security services such as Amazon AWS.

Scripting

Extensions related to Scripting.

OAuth and SSO

Extensions for assessing Single sign-on (SSO) and OAuth related applications.

Information Gathering

Extensions related to Discovery, Spidering and Information Gathering.

Vulnerability Specific Extensions

Cross-site scripting

Broken Access Control

Cross-Site Request Forgery

Deserialization

Sensitive Data Exposure

SQL/NoSQL Injection

XXE

Insecure File Uploads

Directory Traversal

Session Management

CORS Misconfigurations

Command Injection

Template Injection

Type Confusion

SSRF

Web Application Firewall Evasion

The following extensions can aid during WAF evasion.

Logging and Notes

Extensions related to logging HTTP traffic during assessments and storing Burp traffic.

Payload Generators and Fuzzers

Wordlist/payload generators and fuzzers.

Cryptography

Extensions related to decryption of encrypted traffic and crypto related attacks.

Web Services

Extensions useful for assessing Web Services

Tool Integration

Extensions related to integrating Burp Suite with other software/tools.

Misc

Burp Extension Training Resources

Useful blog posts, talks and slides related to developing Burp extensions.