Part of our internal mentoring and training culture at VDA includes Lunch and Learn events where engineers share helpful information about a relevant security topic.

This past week, several of us discussed our favorite BurpSuite extensions, which are helpful additions during our various AppSec or IoT assessments.

Extensions can be added to BurpSuite Pro by visiting the “Extender -> BApp Store” tabs. Hopefully, you find this list of our top BurpSuite extensions helpful. It’s not a comprehensive list, but it can help Bug Bounty hunters or Web Pen-testers find high-risk issues.

Installing this group of BurpSuite extensions automatically adds helpful functionality without the need for additional customization. Since the setup process for adding them is so simple, they are an obvious addition to the tester’s toolkit.

Taborator – Are you looking for blind/out-of-band interactions in IoT devices or web applications? This extension makes it super easy to keep a Collaborator client open in a simple BurpSuite tab. One of my favorite extensions for manually hunting amazing bugs.

.NET Beautifier – Both of these extensions help improve BurpSuite by making output from web responses easier to read.

Active Scan++ – If you like using Active Scan, this extension will help look for a number of additional issues, including Shellshock, XML input handling, and others.

Additional Scanner Checks – Provides some great passive checks for common web application issues which Burp doesn’t already cover.

Freddy, Deserialization Bug Finder – Do you want to find places in web applications that are vulnerable to deserialization of server-side code? This extension is a great starting point.

HTML5 Auditor – This extension checks for usage of HTML5 features with potential security risks.

CSP-Bypass – Passively scan for CSP headers containing known bypasses as well as other potential weaknesses.

AWS Security Checks – While not a comprehensive toolset for assessing bucket issues, this extension will automate some checks, which is helpful.

This group of extensions is super helpful, but might require some additional configuration and understanding to use in an impactful way. Some of them are certainly worth the configuration effort.

Retire.js – Interested in automating the discovery of outdated JavaScript libraries? Look no further. This extension integrates the Retire.js repository with almost no additional effort.

SSL Scanner – Need a quick way to assess TLS ciphers and other SSL/TLS related issues? Install this and run it on your target site. There are better tools out there, but having this functionality inside BurpSuite is extremely convenient.

J2EEScan – Add this extension to automatically hunt issues with J2EE during Active Scans. J2EEScan conducts multiple tests, such as JBoss SEAM Remote Command Execution (CVE-2010-1871), Expression Language Injection (CVE-2011-2730), and Apache Struts 2 S2-016.

Error Message Checks – This extension looks for common error message formats for several server-side programming languages.

Software Vulnerability Scanner – This one is an extra favorite. Vulnerable components in software stacks can lead to major issues. This extension uses the API to hunt known outdated pieces of web applications. Obtaining your own API key from is recommended, but not hard to do.

CSRF Scanner – This extension excels at locating missing anti-CSRF tokens in various requests. When configured to watch for known anti-CSRF tokens in the target application, it highlights requests which neglect to include the tokens. Also, the possibility of false positives exists on requests which don’t perform a sensitive action.

Collaborator Everywhere – If you need to look for backend systems which might be proxying your traffic, use this extension to inject headers leading to out-of-band interactions. This one can result in some really fun bugs.
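To make the passive-check idea behind two of these extensions concrete, here is an added example (not code from the post, and not the code of CSRF Scanner or Error Message Checks themselves) that models both: a missing anti-CSRF-token check over captured requests, with the sensitive-action filter that keeps non-state-changing requests from being flagged, and an error-message signature check over response bodies. The token names, header names, error-signature regexes and the sample traffic are all constructed assumptions, not values taken from any real target or from the extensions' configuration.

```python
"""Toy passive checks modelled on CSRF Scanner and Error Message Checks.
Added example, not the extensions' own code. All names, patterns and the
sample traffic below are constructed assumptions."""
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Methods that normally perform a state change; an anti-CSRF token is expected here.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Token parameter and header names the check is "configured" to watch for (assumed).
TOKEN_NAMES = {"csrf_token", "_csrf", "authenticity_token", "__RequestVerificationToken"}
TOKEN_HEADERS = {"x-csrf-token", "x-xsrf-token"}

# Error-message signatures per server-side language (assumed, illustrative patterns).
ERROR_SIGNATURES = {
    "php": re.compile(r"<b>(Warning|Fatal error|Parse error)</b>:.*? on line \d+"),
    "java": re.compile(r"\bat [\w$.]+\([\w$]+\.java:\d+\)"),
    "aspnet": re.compile(r"Server Error in '.*?' Application"),
    "python": re.compile(r"Traceback \(most recent call last\)"),
}


@dataclass
class HttpMessage:
    method: str
    url: str
    headers: dict = field(default_factory=dict)
    body: str = ""


def parse_request(raw: str) -> HttpMessage:
    """Parse a raw HTTP/1.1 request into method, URL, lower-cased headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpMessage(method.upper(), path, headers, body)


def carries_csrf_token(req: HttpMessage) -> bool:
    """True if any configured token name appears as a query/form parameter or header."""
    params = parse_qs(urlsplit(req.url).query)
    if req.headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params.update(parse_qs(req.body))
    if TOKEN_NAMES & set(params):
        return True
    return bool(TOKEN_HEADERS & set(req.headers))


def check_missing_csrf_token(req: HttpMessage, sensitive_only: bool = True):
    """Return a finding string, or None.

    With sensitive_only=True only state-changing methods are reported. Setting it
    False reproduces the false positives the post warns about: a GET that performs
    no sensitive action gets flagged as well."""
    if sensitive_only and req.method not in STATE_CHANGING:
        return None
    if carries_csrf_token(req):
        return None
    return f"missing anti-CSRF token: {req.method} {req.url}"


def check_error_messages(response_body: str):
    """Return the languages whose error-message signature appears in the body."""
    return sorted(lang for lang, rx in ERROR_SIGNATURES.items() if rx.search(response_body))


# Constructed sample traffic (not captured from any real target).
SAMPLE_REQUESTS = [
    "POST /account/email HTTP/1.1\r\nHost: app.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\nemail=a%40example.com",
    "POST /account/email HTTP/1.1\r\nHost: app.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\nemail=a%40example.com&csrf_token=abc123",
    "DELETE /api/items/7 HTTP/1.1\r\nHost: app.example\r\nX-CSRF-Token: abc123\r\n\r\n",
    "GET /search?q=shoes HTTP/1.1\r\nHost: app.example\r\n\r\n",
]
SAMPLE_RESPONSE_BODIES = [
    "<html><body>ok</body></html>",
    "<b>Warning</b>: mysqli_connect(): Access denied in /var/www/db.php on line 12",
    "Exception in thread \"main\" java.lang.NullPointerException\n\tat com.acme.Foo.bar(Foo.java:42)",
]


def run_checks(requests=SAMPLE_REQUESTS, bodies=SAMPLE_RESPONSE_BODIES, sensitive_only=True):
    """Run both passive checks over the samples and return the findings in order."""
    findings = []
    for raw in requests:
        finding = check_missing_csrf_token(parse_request(raw), sensitive_only)
        if finding:
            findings.append(finding)
    for body in bodies:
        langs = check_error_messages(body)
        if langs:
            findings.append(f"server-side error message ({', '.join(langs)})")
    return findings


if __name__ == "__main__":
    for line in run_checks():
        print(line)
    print("--- without the sensitive-action filter (note the GET false positive)")
    for line in run_checks(sensitive_only=False):
        print(line)
```

Only the first POST is reported when the sensitive-action filter is on; the second POST carries a form token and the DELETE carries a header token. Dropping the filter adds the GET to the findings, which is exactly the kind of false positive the post notes for requests that don't perform a sensitive action.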