Burp

Install

Installing Burp Suite Professional / Community Edition - PortSwiggerBurp_Suite

Burp Pro

GitHub - xiv3r/Burpsuite-Professional: Latest Burpsuite Professional Version 2025.x.xGitHub

Guide

GitHub - Ignitetechnologies/BurpSuite-For-Pentester: This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite".GitHub

Reduce Noise

Add the following patterns in Burp Suite under Proxy > Options > TLS Pass Through:

.*\.google\.com

.*\.gstatic\.com

.*\.googleapis\.com

.*\.pki\.goog

.*\.mozilla\..*

Burp Extensions

.NET beautifier	J2EEScan	Software Vulnerability Scanner
Software Version Reporter	Active Scan++	Additional Scanner Checks
AWS Security Checks	Backslash Powered Scanner	Wsdler
Java Deserialization Scanner	C02	Cloud Storage Tester
CMS Scanner	Error Message Checks	Detect Dynamic JS
Headers Analyzer	HTML5 Auditor	PHP Object Injection Check
JavaScript Security	Retire.JS	CSP Auditor
Random IP Address Header	Autorize	CSRF Scanner
JS Link Finder	UUID Detector	Param Miner
RetireJS Scanner	Backslash Powered Scanner	WebSocket History
Intruder Payloads	Crypto	JWT Decoder
Upload Scanner	403 Bypasser	HTTP Request Smuggler
JWT Editor	Log4Shell Scanner	Web Cache Deception Scanner
Client-Site Path Traversal Exploitation	XSS cheatsheet	BurpBounty
JSON Beautifier	JS Miner	GAP
Server Side Request Forgery (SSRF) Scanner	Burp Suite File Inclusion Scanner	WSDLScanner
Content Type Converter	TruffleHog	Auth Analyser

Top 10 Pentesting Tools and Extensions in Burp Suite - PortSwiggerportswigger.net

5 more Burp extensions for API hackingDana Epp's Blog

GitHub - yeswehack/PwnFox: PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.GitHub

GitHub - snoopysecurity/awesome-burp-extensions: A curated list of amazingly awesome Burp ExtensionsGitHub

Burp Bounty

Documentation 2 - Burp BountyBurp Bounty - Website vulnerability scanner

GitHub - six2dez/burp-bounty-profiles: Burp Bounty profiles compilation, feel free to contribute!GitHub

GitHub - SummerSec/BurpBountyProfiles: BurpBounty插件的配置文件收集项目GitHub

GitHub - ghsec/BBProfiles: Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.GitHub

Intruder Payloads

GitHub - 1N3/IntruderPayloads: A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.GitHub

Shadow Repeater

Shadow Repeater:AI-enhanced manual testingPortSwigger Research

AI HTTP Analyzer

AI HTTP Analyzerportswigger.net

Add Custom Scan Checks - BChecks

GitHub - PortSwigger/BChecks: BChecks collection for Burp Suite Professional and Burp Suite DASTGitHub

Adding custom scan checks to scans - PortSwiggerBurp_Suite

Burp Shortcuts

BurpSuite-1/CheatSheet.md at master · rinetd/BurpSuite-1GitHub

Shortcut	Description
[CTRL+R]	Send to repeater
[CTRL+SHIFT+R]	Go to repeater
[CTRL+I]	Send to intruder
[CTRL+SHIFT+I]	Go to intruder
[CTRL+U]	URL encode
[CTRL+SHIFT+U]	URL decode
Ctrl+F	Forward intercepted Proxy message
Ctrl+T	Toggle Proxy interception
Ctrl+Shift+H	HTML-decode
Ctrl+H	HTML-encode key characters
Ctrl+Shift+B	Base64-decode
Ctrl+B	Base64-encode

Tips and tricks

Freebies - Mastering Burp Suite ProAgarri