Burp Suite is definitely the most used tool for me on a daily basis since almost all of the engagements I work on involve some type of Web Application Penetration Testing.
Expect a more up-to-date list of the extensions I have installed, why I have them and how they’ve helped in the past.



All of these are available within the BApp Store if you have Burp Suite Professional, except the last one ;]
The ones that I find really needed out of all of the above are:
- Additional Scanner Checks
- Freddy
- Exiftool Scanner
- Software Version Reporter/Software Vulnerability Scanner
- Error Message Checks
- HTML5 Auditor
- J2EEScan/Retire.js
- Paramalyzer
That said, if you have the resources, I’d really suggest using them all!
Don’t forget about GainSec’s Burp Suite Extension!
GoldenNuggets! (Click here to download)
End Transmission