A framework for web penetration testing built on Java is called Burp Suite. Information security specialists now employ it as part of their toolkits of choice. With Burp Extender, you may expand Burp’s capability by installing third-party extensions or even creating your own.
How to Install Burp Suite extensions
It is very easy to install Burp suite extensions. To install an extension, navigate to Extender > BApp Store tab, select it from the list, and then click the Install button in the description panel. That’s all. It’s like installing apps from the play store.
You must download Jython or JRuby and change the Python environment or Ruby environment settings on the Extender > Options page in order to install extensions built in either Python or Ruby.
Below is the list of best burp suite extensions that are very useful in the process of penetration testing and security assessment.
1. Backup Finder
Extension that reviews backup, old, temporary, and unreferenced files on the web server for sensitive information. Extension finds the backup files stored in the web application. Simply send the target to this extension via the Repeater tab & there you can send the request to find backup files. There is customization available for the list of extensions for backup files.
Link: https://github.com/moeinfatehi/Backup-Finder
2. Agartha – Payload Generator Tool
Extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi). Agartha is a penetration testing tool that generates dynamic user access matrices and payload lists to expose injection vulnerabilities and authentication/authorization problems. Attack payloads come in a wide variety, but Agartha develops run-time, systematic, vendor-neutral payloads with a wide range of possibilities and bypassing techniques. File dictionary lists are created using a variety of encoding and escaping characters. It generates command dictionary lists for a variety of Windows and Unix systems. For various databases, it generates stacked queries, Boolean-based, Union-based, Time-based, and Order-based SQLi wordlists to aid in identifying weak points. It generates an access role matrix based on user sessions and URL lists to identify access violation concerns linked to authorization and authentication.
Link: https://github.com/volkandindar/agartha
3. Tproxer
a Burp Suite add-on developed to automate the discovery of SSRF based on reverse proxy paths. It uses a path-based SSRF attack to try to access internal APIs or files. For instance, we attempt the payload at https://www.example.com/api/v1/users/..;/..;/..;/..;/ anticipating a 400 Bad Request.
Link: https://github.com/ethicalhackingplayground/TProxer
4. ActiveScan++
ActiveScan++ extends Burp Suite’s active and passive scanning capabilities. It checks for input transformations, Potential host header attacks, performs fuzzing, checks code injection via Ruby’s open() and Perl’s open() function, and also checks for multiple CVEs.
Link: https://github.com/albinowax/ActiveScanPlusPlus
5. Broken Link Hijacking
Anytime a target links to a domain or page that has expired, broken link hijacking (BLH) has occurred. There are two types of broken link hijacking: reflected and stored. Numerous times, this problem has been taken advantage of in the wild.
Link: https://github.com/stevenvachon/broken-link-checker
6. Wsdler Extension
This extension is helpful to parse the SOAP API endpoints. In SOAP API, we often see the endpoints like wsdl?. We can intercept the request & quickly parse endpoints via the Wsdler extension.
Download Link: https://github.com/portswigger/wsdler
7. Content-Type Converter
This extension generally converts the JSON data to XML or vice-versa. This is useful for discovering vulnerabilities that can only be found by converting the content type of a request
Download Link: https://github.com/portswigger/content-type-converter
8. Add Custom Header
Suppose you have to add the header to every request you are making to the target server. You can define custom-header via this extension & also can define where you want these headers to be added such as in repeater, or intruder.
9. Reflector Extension
This extension helps in finding common reflected cross-site scripting (XSS) vulnerabilities. Extension finds injection points and injects inputs on its own and checks for returned data in response. However, you have to manually validate false positives generated by the extension.
10. JSON Decoder
This extension helps in beautifying the JSON data either in request or response which helps in better understanding of data. It also decodes the JWT token without leaving the comfort zone of the Burp suite.
11. Burp JS Link Finder
This extension reads JavaScript files and finds links on them. The extension also uses possible parameters to create links.
12. Autorize
One of the more time-consuming jobs in a web application penetration test is the detection of authorization flaws. Autorize is an add-on designed to aid penetration testers in this process. Giving the extension access to a low-privileged user’s cookies and using a high-privileged user to view the website is adequate. The plugin automatically checks each request for authorization flaws while using the session of a low-privileged user.
You can also check our video on this topic.
