Burp

Install

LogoInstalling Burp Suite Professional / Community EditionBurp_Suite

Burp Pro

LogoGitHub - xiv3r/Burpsuite-Professional: Latest Burpsuite Professional v2024.12.*GitHub

Guide

LogoGitHub - Ignitetechnologies/BurpSuite-For-Pentester: This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite".GitHub

Reduce Noise

Add the following patterns in Burp Suite under Proxy > Options > TLS Pass Through:

.*\.google\.com

.*\.gstatic\.com

.*\.googleapis\.com

.*\.pki\.goog

.*\.mozilla\..*

Burp Extensions

.NET beautifier

J2EEScan

Software Vulnerability Scanner

Software Version Reporter

Active Scan++

Additional Scanner Checks

AWS Security Checks

Backslash Powered Scanner

Wsdler

Java Deserialization Scanner

C02

Cloud Storage Tester

CMS Scanner

Error Message Checks

Detect Dynamic JS

Headers Analyzer

HTML5 Auditor

PHP Object Injection Check

JavaScript Security

Retire.JS

CSP Auditor

Random IP Address Header

Autorize

CSRF Scanner

JS Link Finder

UUID Detector

Param Miner

RetireJS Scanner

Backslash Powered Scanner

WebSocket History

Intruder Payloads

Crypto

JWT Decoder

Upload Scanner

403 Bypasser

HTTP Request Smuggler

JWT Editor

Log4Shell Scanner

Web Cache Deception Scanner

Client-Site Path Traversal Exploitation

XSS cheatsheet

BurpBounty

JSON Beautifier

JS Miner

GAP

Server Side Request Forgery (SSRF) Scanner

Burp Suite File Inclusion Scanner

WSDLScanner

Content Type Converter

TruffleHog

Auth Analyser

LogoTop 10 Pentesting Tools and Extensions in Burp Suite - PortSwigger
Logo5 more Burp extensions for API hackingDana Epp's Blog
LogoGitHub - yeswehack/PwnFox: PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.GitHub
LogoGitHub - snoopysecurity/awesome-burp-extensions: A curated list of amazingly awesome Burp ExtensionsGitHub

Burp Bounty

LogoDocumentation 2 - Burp BountyBurp Bounty - Website vulnerability scanner
LogoGitHub - six2dez/burp-bounty-profiles: Burp Bounty profiles compilation, feel free to contribute!GitHub
LogoGitHub - SummerSec/BurpBountyProfiles: BurpBounty插件的配置文件收集项目GitHub
LogoGitHub - ghsec/BBProfiles: Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.GitHub

Intruder Payloads

LogoGitHub - 1N3/IntruderPayloads: A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.GitHub

Shadow Repeater

LogoShadow Repeater:AI-enhanced manual testingPortSwigger Research

AI HTTP Analyzer

LogoAI HTTP Analyzer

Add Custom Scan Checks - BChecks

LogoGitHub - PortSwigger/BChecks: BChecks collection for Burp Suite Professional and Burp Suite Enterprise EditionGitHub
LogoAdding custom scan checksBurp_Suite

Burp Shortcuts

LogoBurpSuite-1/CheatSheet.md at master · rinetd/BurpSuite-1GitHub

Shortcut

Description

[CTRL+R]

Send to repeater

[CTRL+SHIFT+R]

Go to repeater

[CTRL+I]

Send to intruder

[CTRL+SHIFT+I]

Go to intruder

[CTRL+U]

URL encode

[CTRL+SHIFT+U]

URL decode

Ctrl+F

Forward intercepted Proxy message

Ctrl+T

Toggle Proxy interception

Ctrl+Shift+H

HTML-decode

Ctrl+H

HTML-encode key characters

Ctrl+Shift+B

Base64-decode

Ctrl+B

Base64-encode

Tips and tricks

LogoFreebies - Mastering Burp Suite ProAgarri
PreviousArsenal - CheatsheetNextBrowser Extensions

Last updated