A Burp Suite extension to add OpenAI (GPT) on Burp and help you with your Bug Bounty recon to discover endpoints, params, URLs, subdomains and more!

🧿 AutorizePro是一款强大越权检测 Burp 插件，通过增加 AI 辅助分析 && 进一步优化检测逻辑，大幅降低误报率，提升越权漏洞检出效率。 [ AutorizePro is a authorization enforcement detection extension for burp suite. By adding Ai-assisted analysis, it significantly reduces the false positive rate and improves the efficiency of vulnerability detection.

A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations. It supports dynamic payload generation, including BCheck syntax, and can automatically generate Bambdas scripts. Additionally, it offers "Copy as JavaScript" to convert HTTP requests for enhanced XSS testing.

A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issues

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

autoDecoder的用法及案例，包含加解密方法、绕waf、替换参数等操作。

gRPC-Web Pentesting Suite + Burp Suite Extension / Hack gRPC-Web Applications (Official BApp Extension Available)

Burp Suite extension for bypassing client-side encryption for pentesting and bug bounty

A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).

Exporter is a Burp Suite extension to copy a request to a file or the clipboard as multiple programming languages functions.

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.

jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints.

A BurpSuite extension to create a custom word-list of endpoint and parameters for enumeration and fuzzing

Blinks is a powerful Burp Suite extension that automates active scanning with Burp Suite Pro and enhances its functionality. With the integration of webhooks, this tool sends real-time updates whenever a new issue is identified, directly to your preferred endpoint. No more waiting for final reports – you get instant, actionable insights! 🛠️

A Burp Suite Extension for pentester and bug bounty hunters an to maintain checklist, map flows, write test cases and track vulnerabilities

BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities

Burp Extension that copies a request and builds a FFUF skeleton

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

Official TruffleHog Burp Suite Extension. Scan Burp Suite traffic for 800+ different types of secrets (API keys, passwords, SSH keys, etc) using TruffleHog.

A Burp Suite plugin/extension that offers a shell in Burp. Both useful for OS Command injection and LFI exploration