Tools

Compilation of tools, automations, extensions and utilities for pentesting, bug bounty and web security.

Burpsuite

List of tools related to Burpsuite.

JS Link Finder
Burp extension for passively scanning JavaScript files for endpoint links. - Export results to a text file - Exclude specific JS files, e.g. jquery, google-analytics
JWT Editor
JWT Editor is a Burp Suite extension for editing, signing, verifying, encrypting and decrypting JSON Web Tokens (JWTs).
Content Type Converter
This extension converts data submitted within requests between various common formats: JSON to XML, XML to JSON, body parameters.
Java Deserialization Scanner
This extension gives Burp Suite the ability to find Java deserialization vulnerabilities. It adds checks to both the active and passive scanner and can also be used in an Intruder-like manual mode, with a dedicated tab.
Collaborator Everywhere
This extension augments your in-scope proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator.
Add Custom Header
Add or update custom HTTP headers from session handling rules. This is especially useful for JSON Web Tokens (JWT).
HTTP Request Smuggler
This is an extension for Burp Suite designed to help you launch HTTP Request Smuggling attacks. It supports scanning for Request Smuggling vulnerabilities, and also aids exploitation by handling cumbersome offset-tweaking for you.
Param Miner
This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities.
Turbo Intruder
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. It's intended to complement Burp Intruder by handling attacks that require extreme speed or complexity.
Retire.js
This extension integrates Burp with the Retire.js repository to find vulnerable JavaScript libraries. It passively looks at JavaScript files loaded and identifies those which are vulnerable based on various signature types (URL, filename, file content or specific hash).
J2EEScan
The goal of this extension is to improve the test coverage during web application penetration tests on J2EE applications.
Autorize
Autorize is an extension aimed at helping the penetration tester to detect authorization vulnerabilities, one of the more time-consuming tasks in a web application penetration test.
Backslash Powered Scanner
This extension enhances Burp's active scanner, employing a novel method to detect both known and unknown server-side injection vulnerabilities. Derived from manual testing, it offers advantages like casual WAF evasion, minimal network footprint, and adaptability to input filtering.
XSS Validator
This extension sends responses to a locally-running XSS-Detector server, powered by either Phantom.js and/or Slimer.js.
Upload Scanner
This extension tries to implement most attacks that seem feasible for file uploads. The extension tests various attacks and is divided into modules. Each module handles several attacks of the same category.

DNS

List of tools related to DNS.

SSL/TLS

List of tools related to SSL/TLS.

XSS

List of tools related to XSS.

XXE

List of tools related to XXE.