CSRF tokens handling Burp extension

Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests

WAF Cookie Fetcher is a Burp Suite extension written in Python, which uses a headless browser to obtain the values of WAF-injected cookies which are calculated in the browser by client-side JavaScript code and adds them to Burp's cookie jar. Requires PhantomJS.

A simple Burp extension for scanning stuffs in CTF

[NO LONGER MAINTAINED] An extender that extracts specified HTTP headers to the response body as meta tags.

Burp Suite plugin to export the sitemap to CSV.

burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz

Burp Suite plugin that plays sound effects when issues are found.

[NO LONGER MAINTAINED] An extender that helps your Burp send a CSRF Token in the HTTP Header (e.g. X-CSRF-Token).

WAFEx Model Creator.

A Burp Extension that parses emails from HTTP content and can optionally generate usernames.

burpHTTPMirror

A work-in-progress collection of utilities for creating Burp extensions in Python.

This Burp extension helps you to find usages of postMessage and recvMessage

SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

automatic HTTP request smuggling vulnerability detection

This extension allows you to make complex modifications to requests and responses with Python

Simple Burp extension to drop blacklisted hosts

Mole is a framework for identifying and exploiting out-of-band application vulnerabilities.

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.