
10 Burp extensions I actually use... BUT none of them are in the top 30 most popular in the BApp Store!

I get tired of seeing the same extensions come up in "top 10" lists. Here are some hidden gems you might not have tried... yet. In no particular order.

🧵👇


Authentication Token Obtain and Replace (ATOR)

Session expiration is the bane of automation. If a session token expires mid-scan, you're left with incomplete results. ATOR detects expired tokens, re-authenticates, and updates requests with the fresh token. Perfect for non-cookie session tokens!


SAML Raider

If you've never tested an API that uses SAML, you're lucky. If you have, you know how frustrating an experience it can be. SAML Raider is a must-have, allowing you to edit, sign, and manipulate SAML messages directly within Burp.


Extensibility Helper

BChecks and Bambdas are awesome, and people share plenty of them online, but they are usually scattered across multiple GitHub repos. Extensibility Helper lets you load BChecks and Bambdas from repos, search them, and import the ones you want into Burp.


Hunt Scanner

Despite the name, Hunt Scanner doesn't really "scan" anything. Instead it monitors requests as you explore the application, tracking interesting parameter names, linking them to *potential* vulns. You can't test everything, but you can prioritize what you do test!


TokenJar

TokenJar is the less automated version of ATOR, and sometimes that's enough! If the application refreshes session tokens itself, or there are non-session tokens you want to track (think anti-CSRF), TokenJar can help. It monitors and extracts tokens, then updates subsequent requests.

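The token upkeep that the ATOR and TokenJar posts above describe, shown as an added stand-alone Python illustration (this is not either extension's code, and Burp is not involved). FakeApi is a constructed in-memory target: it issues bearer tokens that expire after three requests and rotates a per-response anti-CSRF token. TokenAwareClient tracks the newest anti-CSRF token from every response and injects it into the next request (the TokenJar behaviour), and recognises the expiry signature, re-authenticates once and replays the original request (the ATOR behaviour). The "token expired" body, the header names and the lifetime are assumptions of the example.

```python
"""Session-token upkeep in the spirit of ATOR and TokenJar (added example,
not the extensions' own code). Everything here is constructed and runs offline.
"""
import itertools
import re
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    headers: dict
    body: str


class FakeApi:
    """Constructed stand-in for a target application (not a real service)."""
    TOKEN_LIFETIME = 3  # successful requests per session token before it expires (assumed)

    def __init__(self):
        self._seq = itertools.count(1)
        self._sessions = {}  # bearer token -> remaining successful calls
        self._csrf = {}      # bearer token -> currently valid anti-CSRF token
        self.logins = 0

    def handle(self, method, path, headers, body=""):
        if path == "/login":
            self.logins += 1
            token = f"sess-{next(self._seq)}"
            self._sessions[token] = self.TOKEN_LIFETIME
            return self._ok(token, f'{{"token": "{token}"}}')
        auth = headers.get("Authorization", "")
        bearer = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
        if self._sessions.get(bearer, 0) <= 0:
            return Response(401, {}, '{"error": "token expired"}')
        # State-changing requests must echo the anti-CSRF token from the last response
        if method == "POST" and headers.get("X-CSRF-Token") != self._csrf.get(bearer):
            return Response(403, {}, '{"error": "bad csrf"}')
        self._sessions[bearer] -= 1
        return self._ok(bearer, f'{{"path": "{path}", "ok": true}}')

    def _ok(self, bearer, body):
        csrf = f"csrf-{next(self._seq)}"
        self._csrf[bearer] = csrf  # every 200 rotates the anti-CSRF token
        return Response(200, {"X-CSRF-Token": csrf}, body)


class TokenAwareClient:
    EXPIRED = re.compile(r'"error":\s*"token expired"')  # assumed expiry signature

    def __init__(self, api, username, password, track_csrf=True):
        self.api = api
        self.creds = (username, password)
        self.track_csrf = track_csrf
        self.bearer = None
        self.csrf = None
        self.reauths = 0

    def _login(self):
        resp = self.api.handle("POST", "/login", {}, f"user={self.creds[0]}&pass={self.creds[1]}")
        m = re.search(r'"token":\s*"([^"]+)"', resp.body)
        if resp.status != 200 or not m:
            raise RuntimeError("login failed")
        self.bearer = m.group(1)
        self._track(resp)

    def _track(self, resp):
        # TokenJar-style: remember the newest anti-CSRF token seen in any response
        csrf = resp.headers.get("X-CSRF-Token")
        if csrf and self.track_csrf:
            self.csrf = csrf

    def _send(self, method, path, body):
        headers = {"Authorization": f"Bearer {self.bearer}"}
        if self.csrf:
            headers["X-CSRF-Token"] = self.csrf
        resp = self.api.handle(method, path, headers, body)
        self._track(resp)
        return resp

    def request(self, method, path, body=""):
        if self.bearer is None:
            self._login()
        resp = self._send(method, path, body)
        # ATOR-style: on the expiry signature, re-authenticate once and replay
        if resp.status == 401 and self.EXPIRED.search(resp.body):
            self.reauths += 1
            self._login()
            resp = self._send(method, path, body)
        return resp


def run_scan(num_requests=8, track_csrf=True):
    """Alternate GET/POST requests, as a scanner would, and summarise what happened."""
    api = FakeApi()
    client = TokenAwareClient(api, "alice", "s3cret", track_csrf=track_csrf)
    statuses = [client.request("POST" if i % 2 else "GET", f"/item/{i}").status
                for i in range(num_requests)]
    return {"statuses": statuses, "logins": api.logins, "reauths": client.reauths}


if __name__ == "__main__":
    print(run_scan())                   # all 200s, 3 logins, 2 re-authentications
    print(run_scan(track_csrf=False))   # every POST is rejected with 403
```

With tracking on, every request succeeds even though the session dies twice during the run; with anti-CSRF tracking off, the session is still refreshed but every POST is rejected, which is exactly the kind of silently incomplete scan the posts warn about.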

GAP

GAP (Get All Parameters, Links, and Words) helps uncover hidden endpoints and parameters by analyzing responses and generating custom wordlists. That plus the huge number of settings make this an awesome cewl-like tool for recon!


Server-Side Prototype Pollution Scanner

This extension identifies server-side prototype pollution vulnerabilities, a critical issue in NodeJS applications. While Burp's scanner has some tests built-in, this extension adds more checks for completeness.


Reshaper

Reshaper has a learning curve and not the most intuitive interface, but when you do grasp how it works, it can be incredibly powerful. It's essentially IFTTT for Burp, allowing you to configure request/response modifying actions that get triggered by certain criteria.


Pentagrid Scan Controller

If you do a lot of scanning in Burp, this extension is for you. When enabled, it will monitor all proxied requests and decide whether or not they should be scanned. Highly configurable, it won't scan the same request twice. Think of it as your automated scan manager.


AuthMatrix

A golden oldie that desperately needs a rewrite (please...), AuthMatrix simplifies authorization testing by providing a matrix of users, roles, and requests. It helps identify access control issues systematically, and saves time during retesting by replaying all requests in one go.

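The matrix-of-users-and-requests approach from the AuthMatrix post above, as an added stand-alone Python illustration (not the extension's code). fake_app is a constructed in-memory target with users, roles and orders, and it deliberately omits the ownership check on order deletion so the matrix has something to find; the request names, endpoints and EXPECTED table are assumptions of the example. Every recorded request is replayed as every principal, and each cell's observed outcome is compared with the expectation: allowed-but-should-be-denied cells are access-control findings, denied-but-should-be-allowed cells usually mean a dead session or a wrong expectation.

```python
"""Authorization-matrix testing in the style of AuthMatrix (added example,
not the extension's code). Target, users and expectations are constructed.
"""
from dataclasses import dataclass

# Constructed target state
USERS = {"alice": {"role": "user"}, "bob": {"role": "user"}, "carol": {"role": "admin"}}
ORDERS = {101: "alice", 102: "bob"}


def fake_app(method, path, principal):
    """Return an HTTP status for `method path` issued by `principal` (None = anonymous)."""
    role = USERS[principal]["role"] if principal else None
    if path == "/admin/users":
        return 200 if role == "admin" else (401 if role is None else 403)
    if path == "/api/me":
        return 200 if role else 401
    if method == "DELETE" and path.startswith("/api/orders/"):
        if role is None:
            return 401
        order_id = int(path.rsplit("/", 1)[1])
        if order_id not in ORDERS:
            return 404
        # BUG (intentional): any authenticated user may delete any order;
        # the owner-or-admin check is missing.
        return 200
    return 404


@dataclass(frozen=True)
class Req:
    name: str
    method: str
    path: str


# Requests recorded while walking the application as one user
REQUESTS = [
    Req("list-users", "GET", "/admin/users"),
    Req("whoami", "GET", "/api/me"),
    Req("delete-alice-order", "DELETE", "/api/orders/101"),
]

ALLOW, DENY = "allow", "deny"

# Expected matrix, principal -> request name -> allow/deny, written by the tester
# from the application's authorization model (assumed for this example).
EXPECTED = {
    None:    {"list-users": DENY,  "whoami": DENY,  "delete-alice-order": DENY},
    "alice": {"list-users": DENY,  "whoami": ALLOW, "delete-alice-order": ALLOW},
    "bob":   {"list-users": DENY,  "whoami": ALLOW, "delete-alice-order": DENY},
    "carol": {"list-users": ALLOW, "whoami": ALLOW, "delete-alice-order": ALLOW},
}


def classify(status):
    """Collapse a status code into the matrix vocabulary: 2xx is access granted."""
    return ALLOW if 200 <= status < 300 else DENY


def run_matrix(send=fake_app):
    """Replay every request as every principal.

    Returns (findings, unexpected_denies, observed):
      findings          - (principal, request, status) granted where DENY was expected
      unexpected_denies - (principal, request, status) denied where ALLOW was expected
      observed          - raw status per (principal, request) cell for the report
    """
    findings, unexpected_denies, observed = [], [], {}
    for principal, row in EXPECTED.items():
        for req in REQUESTS:
            status = send(req.method, req.path, principal)
            observed[(principal, req.name)] = status
            got, want = classify(status), row[req.name]
            who = principal or "anonymous"
            if got == ALLOW and want == DENY:
                findings.append((who, req.name, status))
            elif got == DENY and want == ALLOW:
                unexpected_denies.append((who, req.name, status))
    return findings, unexpected_denies, observed


if __name__ == "__main__":
    found, denied, cells = run_matrix()
    for (principal, name), status in cells.items():
        print(f"{principal or 'anonymous':10} {name:20} {status}")
    print("access-control findings:", found)      # bob can delete alice's order
    print("unexpected denials:", denied)          # none
```

Two practical caveats the toy target hides: a real DELETE changes state, so the order in which principals replay a destructive request affects every later cell (replay destructive requests last, or against disposable objects), and a stale session for one principal turns an entire row into unexpected denials rather than findings, which is why the two lists are reported separately. Re-running the same matrix after a fix is the retest the post mentions.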

Which lesser-known Burp extensions do you swear by? Share your favorites below! 👇


@tib3rius That's a good one. EspreSSO does a good job with this too.


@tib3rius Upload scanner is a great tool for finding vulns in upload functions.
