Burp

Install

Installing Burp Suite Professional / Community EditionBurp_Suite

Reduce Noise

Add the following patterns in Burp Suite under Proxy > Options > TLS Pass Through:

.*\.google\.com

.*\.gstatic\.com

.*\.googleapis\.com

.*\.pki\.goog

.*\.mozilla\..*

Burp Extensions

.NET beautifier	J2EEScan	Software Vulnerability Scanner
Software Version Reporter	Active Scan++	Additional Scanner Checks
AWS Security Checks	Backslash Powered Scanner	Wsdler
Java Deserialization Scanner	C02	Cloud Storage Tester
CMS Scanner	Error Message Checks	Detect Dynamic JS
Headers Analyzer	HTML5 Auditor	PHP Object Injection Check
JavaScript Security	Retire.JS	CSP Auditor
Random IP Address Header	Autorize	CSRF Scanner
JS Link Finder	UUID Detector	Param Miner
RetireJS Scanner	J2EE Scanner	WebSocket History
Intruder Payloads	Crypto	JWT Decoder
File Upload Scanner

Top 10 Pentesting Tools and Extensions in Burp Suite - PortSwigger

5 more Burp extensions for API hackingDana Epp's Blog

GitHub - yeswehack/PwnFox: PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.GitHub

GitHub - snoopysecurity/awesome-burp-extensions: A curated list of amazingly awesome Burp ExtensionsGitHub

Add Custom Scan Checks - BChecks

GitHub - PortSwigger/BChecks: BChecks collection for Burp Suite Professional and Burp Suite Enterprise EditionGitHub

Adding custom scan checksBurp_Suite

Burp Shortcuts

BurpSuite-1/CheatSheet.md at master · rinetd/BurpSuite-1GitHub

Shortcut	Description
[CTRL+R]	Send to repeater
[CTRL+SHIFT+R]	Go to repeater
[CTRL+I]	Send to intruder
[CTRL+SHIFT+I]	Go to intruder
[CTRL+U]	URL encode
[CTRL+SHIFT+U]	URL decode
Ctrl+F	Forward intercepted Proxy message
Ctrl+T	Toggle Proxy interception
Ctrl+Shift+H	HTML-decode
Ctrl+H	HTML-encode key characters
Ctrl+Shift+B	Base64-decode
Ctrl+B	Base64-encode

Tips and tricks

Freebies - Mastering Burp Suite ProAgarri