Burp Suite is definitely the most used tool for me on a daily basis since I started my new job. Which is funny in a way because in my old job, I found myself relying too heavily on it and trusting it way too much. That said, it is also my favorite tool.
Don’t get me wrong, there is still a learning curve and I’m still learning more about it every day, but I decided to show which extensions I use, and especially the extensions that have come in handy now and then. I’ll also add a link to an extension I made.

By the way, yes, I am still using the non-beta version of Burp. That is because I jumped right into the beta upon release and quickly got worried about getting into trouble or dealing with a hassle, because I found plenty of things not working the way I wanted, especially active scanning, which I felt never paused or stopped even when I told it to.
I’m debating going through every extension and its value, so unless even one person asks for an explanation, I’ll hold off. That said, here is a complete list of extensions I have loaded/unloaded:
All of these are available in the BApp Store if you have Burp Suite Professional, except the last one ;]
The ones I find really needed out of all of the above are:
- Additional Scanner Checks
- Freddy
- Exiftool Scanner
- Software Version Reporter/Software Vulnerability Scanner
- Error Message Checks
- HTML5 Auditor
- J2EEScan/Retire.js
That said, if you have the resources, I’d really suggest using them all!
So now, with that out of the way, I’ll introduce my own extension:
GoldenNuggets! (Click here to download)
Meant to be a one-click solution to create wordlists of URIs, parameters and more.
I’m not going into depth about how important wordlists are and how in love I am with them, because I’m saving that for its own post, but let me just say that solid wordlists lead to a lot of great findings. One cannot argue with how beneficial it is to create wordlists from the websites/applications you test! Make it a habit and trust me, you won’t regret it!
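The following stand-alone Python script is an added example, not GoldenNuggets’ own code: it shows the core idea of deriving wordlists from URLs you have already observed, using a constructed set of sample URLs in place of Burp’s proxy history and an assumed in-scope host (`app.example.test`).

```python
from urllib.parse import urlsplit, parse_qsl
from collections import Counter

# Constructed sample: the kind of URLs Burp's proxy history holds for a target.
SAMPLE_URLS = [
    "https://app.example.test/api/v2/users/123/profile?tab=security&debug=0",
    "https://app.example.test/api/v2/users/456/orders?page=2&sort=desc",
    "https://app.example.test/static/js/app.min.js",
    "https://app.example.test/admin/reports/export.php?format=csv&id=9",
    "https://cdn.other.test/lib/jquery.js",  # out of scope, must be ignored
]


def build_wordlists(urls, scope_hosts):
    """Turn observed URLs into deduplicated, frequency-counted wordlists.

    Returns a dict with keys 'dirs', 'files', 'params', 'values'; each value is
    a Counter so the caller can sort by frequency before writing lists out.
    """
    lists = {k: Counter() for k in ("dirs", "files", "params", "values")}
    for url in urls:
        parts = urlsplit(url)
        if parts.hostname not in scope_hosts:  # only learn from in-scope hosts
            continue
        for seg in (s for s in parts.path.split("/") if s):
            if seg.isdigit():  # numeric IDs are noise in a wordlist
                continue
            lists["files" if "." in seg else "dirs"][seg] += 1
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            lists["params"][name] += 1
            if value and not value.isdigit():
                lists["values"][value] += 1
    return lists


def write_wordlists(lists, prefix="goldennuggets"):
    """Write one file per category, most frequent entries first."""
    paths = []
    for kind, counter in lists.items():
        path = f"{prefix}_{kind}.txt"
        with open(path, "w") as fh:
            fh.write("\n".join(w for w, _ in counter.most_common()) + "\n")
        paths.append(path)
    return paths


if __name__ == "__main__":
    result = build_wordlists(SAMPLE_URLS, {"app.example.test"})
    for kind, counter in result.items():
        print(kind, counter.most_common())
```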
Expect more soon, especially on my GitHub!
End Transmission