Outils d'utilisateurs
Ceci est une ancienne révision du document !
* [summitt/Burp-Non-HTTP-Extension: Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.](https://github.com/summitt/Burp-Non-HTTP-Extension) * [SpiderLabs/Airachnid-Burp-Extension: A Burp Extension to test applications for vulnerability to the Web Cache Deception attack](https://github.com/SpiderLabs/Airachnid-Burp-Extension) * [RUB-NDS/BurpSSOExtension: An extension for BurpSuite that highlights SSO messages in Burp's proxy window..](https://github.com/RUB-NDS/BurpSSOExtension) * [nccgroup/BurpSuiteHTTPSmuggler: A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques](https://github.com/nccgroup/BurpSuiteHTTPSmuggler) * [NetSPI/JavaSerialKiller: Burp extension to perform Java Deserialization Attacks](https://github.com/NetSPI/JavaSerialKiller) * [h3xstream/burp-retire-js: Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.](https://github.com/h3xstream/burp-retire-js) * [PortSwigger/collaborator-everywhere: A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator](https://github.com/PortSwigger/collaborator-everywhere) * [SecurityInnovation/AuthMatrix: AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.](https://github.com/SecurityInnovation/AuthMatrix) * [augustd/burp-suite-error-message-checks: Burp Suite extension to passively scan for applications revealing server error messages](https://github.com/augustd/burp-suite-error-message-checks) * [NetSPI/BurpExtractor: A Burp extension for generic extraction and reuse of data within HTTP requests and responses.](https://github.com/NetSPI/BurpExtractor) * [PortSwigger/brida: The new bridge between Burp Suite and Frida!](https://github.com/portswigger/brida) * [PortSwigger/distribute-damage: Evenly distributes scanner load across targets](https://github.com/PortSwigger/distribute-damage) * [hvqzao/burp-wildcard: Burp extension intended to compact Burp extension tabs by hijacking them to own tab.](https://github.com/hvqzao/burp-wildcard) * [Burp-Extensions/JSONPScannerCheck.py at master · tghosth/Burp-Extensions](https://github.com/tghosth/Burp-Extensions/blob/master/JSONPScannerCheck.py) * [the-bumble/Burp-Scanner-OOB-Checks: This is a Burp extension for adding additional payloads to active scanner that require out-of-band validation. Works great with XSSHunter](https://github.com/the-bumble/Burp-Scanner-OOB-Checks) * [d3vilbug/HackBar: HackBar plugin for Burpsuite v1.0](https://github.com/d3vilbug/HackBar) * [hvqzao/burp-second-order: Extension for semi-automated search for second order issues in webapps](https://github.com/hvqzao/burp-second-order) * [PortSwigger/param-miner](https://github.com/portswigger/param-miner) * [PortSwigger/command-injection-attacker: SHELLING - a comprehensive OS command injection payload generator](https://github.com/portswigger/command-injection-attacker) * [wagiro/BurpBounty: Burp Bounty (Scan Check Builder in BApps Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.](https://github.com/wagiro/BurpBounty) * [righettod/log-requests-to-sqlite: BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.](https://github.com/righettod/log-requests-to-sqlite) * [albinowax/ActiveScanPlusPlus: ActiveScan++ Burp Suite Plugin](https://github.com/albinowax/ActiveScanPlusPlus) * [PortSwigger/backslash-powered-scanner: Finds unknown classes of injection vulnerabilities](https://github.com/PortSwigger/backslash-powered-scanner) * [RhinoSecurityLabs/SleuthQL: Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.](https://github.com/RhinoSecurityLabs/SleuthQL) * [Ebryx/AES-Killer: Burp plugin to decrypt AES Encrypted traffic of mobile apps on fly](https://github.com/Ebryx/AES-Killer) * [luh2/DetectDynamicJS: The DetectDynamicJS Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and aid in finding user/session data.](https://github.com/luh2/DetectDynamicJS) * [EnableSecurity/burp-luhn-payload-processor: A plugin for Burp Suite Pro to work with attacker payloads and automatically generate check digits for credit card numbers and similar numbers that end with a check digit generated using the Luhn algorithm or formula (also known as the “modulus 10” or “mod 10” algorithm).](https://github.com/EnableSecurity/burp-luhn-payload-processor) * [federicodotta/Java-Deserialization-Scanner: All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities](https://github.com/federicodotta/Java-Deserialization-Scanner) * [ilmila/J2EEScan: J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.](https://github.com/ilmila/J2EEScan) * [mvetsch/JWT4B: JSON Web Tokens (JWT) support for Burp](https://github.com/mvetsch/JWT4B) * [SAMLRaider/SAMLRaider: SAML Raider is a Burp Suite extension for testing SAML infrastructures](https://github.com/SAMLRaider/SAMLRaider) * [zidekmat/graphql_beautifier: Burp Suite extension to help make Graphql request more readable](https://github.com/zidekmat/graphql_beautifier) * [vergl4s/signatures: Length extension attacks in Burp Suite](https://github.com/vergl4s/signatures)
## Developing Burp Extensions
* [Adapting Burp extensions for tailored pentesting | Blog](https://portswigger.net/blog/adapting-burp-extensions-for-tailored-pentesting) * [Burp Suite Extension Development Series](https://prakharprasad.com/burp-suite-extension-development-series/) * [sunnyneo/burp-extension-training: Burp Extension Training](https://github.com/sunnyneo/burp-extension-training)
