所有收集类项目

BurpSuite

400+ 开源Burp插件，400+文章和视频。
English Version

资源收集 -> (7)工具 (2)文章
Burp组件
- Collaborator -> (10)工具 (17)文章
- Intruder -> (1)工具 (15)文章
- Repeater -> (4)工具 (3)文章
- Extender -> (11)工具 (5)文章
- Macros -> (1)工具 (10)文章
- (3) Extractor
- (5) Spider
平台
- Web
  - WAF -> (3)工具 (3)文章
  - HTTP/HTTPS -> (21)工具 (24)文章
  - XSS -> (11)工具 (9)文章
  - CSRF -> (1)工具 (13)文章
  - REST -> (5)工具 (4)文章
  - JWT -> (3)工具 (1)文章
- Windows -> (3)文章
- Linux -> (1)文章
- Apple -> (4)文章
- Android -> (2)工具 (10)文章
- Cloud -> (3)工具
漏洞 -> (24)工具 (19)文章
扫描 -> (40)工具 (16)文章
Fuzz -> (11)工具 (10)文章
SQL -> (10)工具 (33)文章
日志 -> (9)工具
Payload -> (14)工具 (5)文章
开发与调试 -> (2)工具 (18)文章
爆破 -> (4)工具 (5)文章
验证码 -> (1)工具 (2)文章
编码/解码 -> (10)工具 (2)文章
认证/登录 -> (6)工具 (10)文章
Brida -> (1)工具 (8)文章
代理 -> (18)工具 (22)文章
域/子域 -> (4)工具 (1)文章
工具
- (172) 新添加
- (3) 文档
文章
- (159) 新添加

资源收集

工具

[1197星][1m] snoopysecurity/awesome-burp-extensions Burp扩展收集
[1167星][9d] [Py] bugcrowd/hunt Burp和ZAP的扩展收集
[108星][2m] [Java] jgillam/burp-co2 A collection of enhancements for Portswigger's popular Burp Suite web penetration testing tool.
[87星][11m] [Py] laconicwolf/burp-extensions A collection of scripts to extend Burp Suite
[67星][12d] [Py] lich4/personal_script 010Editor/BurpSuite/Frida/IDA等多个工具的多个脚本
- 010Editor 010Editor的多个脚本
- ParamChecker Burp插件
- Frida Frida多个脚本
- IDA IDA Scripts
- IDA-read_unicode.py IDA插件，识别程序中的中文字符
- IDA-add_xref_for_macho 辅助识别Objective-C成员函数的caller和callee
- IDA-add_info_for_androidgdb 使用gdbserver和IDA调试Android时，读取module列表和segment
- IDA-trace_instruction 追踪指令流
- IDA-detect_ollvm 检测OLLVM，在某些情况下修复（Android/iOS）
- IDA-add_block_for_macho 分析macho文件中的block结构
[23星][4y] [Java] ernw/burpsuite-extensions A collection of Burp Suite extensions
[16星][9d] [Batchfile] mr-xn/burpsuite-collections BurpSuite收集：包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程

文章

2019.10 [trustfoundry] The Top 8 Burp Suite Extensions That I Use to Hack Web Sites
2014.08 [insinuator] ERNW’s Top 9 Burp Plugins

Burp组件

Collaborator

工具

[142星][8m] [Py] integrity-sa/burpcollaborator-docker a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate
[91星][2y] [Java] federicodotta/handycollaborator Burp Suite plugin created for using Collaborator tool during manual testing in a comfortable way!
[71星][4m] [Java] netspi/burpcollaboratordnstunnel A DNS tunnel utilizing the Burp Collaborator
[52星][5y] [Py] jfoote/burp-git-bridge Store Burp data and collaborate via git
[40星][2y] [Java] bit4woo/burp_collaborator_http_api 基于Burp Collaborator的HTTP API
[32星][1m] [Shell] putsi/privatecollaborator A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate
[31星][3y] [Java] silentsignal/burp-collab-gw Simple socket-based gateway to the Burp Collaborator
[25星][23d] [Java] portswigger/taborator A Burp extension to show the Collaborator client in a tab
[18星][2y] [HCL] 4armed/terraform-burp-collaborator Terraform configuration to build a Burp Private Collaborator Server
[9星][23d] [Java] hackvertor/taborator A Burp extension to show the Collaborator client in a tab

文章

2019.06 [bugbountywriteup] Deploy a private Burp Collaborator Server in Azure
2019.06 [0x00sec] Achieving Persistent Access to Burp Collaborator Sessions
2019.01 [freebuf] Burpsuite Collaborato模块详解
2018.06 [integrity] CVE-2018-10377 - Insufficient Validation of Burp Collaborator Server Certificate
2018.05 [aliyun] 基于Burp Collaborator的HTTP API
2018.05 [tevora] Blind Command Injection Testing with Burp Collaborator
2018.04 [aliyun] 如何搭建自己的 Burp Collaborator 服务器
2018.03 [4hou] 使用BurpSuite的Collaborator查找.Onion隐藏服务的真实IP地址
2017.11 [digitalforensicstips] Using Burp Suite’s Collaborator to Find the True IP Address for a .Onion Hidden Service
2017.09 [netspi] BurpCollaboratorDNSTunnel 介绍
2017.09 [freebuf] Handy Collaborator ：用于挖掘out-of-band类漏洞的Burp插件介绍
2017.09 [mediaservice] HandyCollaborator介绍
2017.04 [] Build a Private Burp Collaborator Server on AWS with Terraform and Ansible
2017.01 [360] 超越检测：利用Burp Collaborator执行SQL盲注
2017.01 [silentsignal] Beyond detection: exploiting blind SQL injections with Burp Collaborator
2016.07 [] Burpsuite之Burp Collaborator模块介绍
2015.04 [portswigger] Introducing Burp Collaborator | Blog

Intruder

工具

[2081星][1y] [BitBake] 1n3/intruderpayloads BurpSuite Intruder Payload收集

文章

2019.10 [KacperSzurek] [BURP] Intruder: Jak sprawdzić typ konta?
2019.09 [Nahamsec] Using BurpSuite's Intruder to find bugs and solve Bug Bounty Notes & Hacker101 CTFs
2018.02 [dustri] Ghetto recursive payload in the Burp Intruder
2017.12 [pediy] [翻译]使用Burp Suite执行更复杂的Intruder攻击
2017.12 [trustedsec] More Complex Intruder Attacks with Burp!
2017.11 [polaris] reCAPTCHA：一款自动识别图形验证码并用于Intruder Payload中的BurpSuite插件
2016.10 [kalilinuxtutorials] Burpsuite – Use Burp Intruder to Bruteforce Forms
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool - 07 - Intruder and Comparer
2014.02 [nvisium] Challenges of Mobile API Signature Forgery with Burp Intruder
2012.06 [freebuf] [连载]Burp Suite详细使用教程-Intruder模块详解(3)
2012.06 [freebuf] [连载]Burp Suite详细使用教程-Intruder模块详解(2)
2012.06 [freebuf] [技巧]Burp Intruder中的Timing选项的使用
2012.05 [freebuf] Burp Suite详细使用教程-Intruder模块详解
2011.11 [digi] Burp Intruder Attack Types
2011.06 [console] Burp Intruder Time fields

Repeater

工具

[66星][19d] [Java] coreyd97/stepper A natural evolution of Burp Suite's Repeater tool
[52星][29d] [Java] portswigger/stepper A natural evolution of Burp Suite's Repeater tool
[36星][1m] [Kotlin] typeerror/bookmarks A Burp Suite Extension to take back your repeater tabs
[6星][6y] [Perl] allfro/browserrepeater BurpSuite extension for Repeater tool that renders responses in a real browser.

文章

2019.10 [KacperSzurek] [BURP] 12 trików do Burp Repeater
2019.09 [aliyun] BurpSuite插件 - AutoRepeater说明
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool - 04 - Repeater Module

Extender

工具

[192星][2y] [Java] p3gleg/pwnback Burp Extender plugin that generates a sitemap of a website using Wayback Machine
[143星][1y] [Java] tomsteele/burpbuddy burpbuddy exposes Burp Suites's extender API over the network through various mediums, with the goal of enabling development in any language without the restrictions of the JVM
[59星][5y] [Ruby] tduehr/buby A JRuby implementation of the BurpExtender interface for PortSwigger Burp Suite.
[33星][2y] [Java] dnet/burp-oauth OAuth plugin for Burp Suite Extender
[28星][2y] [Java] bit4woo/gui_burp_extender_para_encrypter Burp_Extender_para_encrypter
[19星][1y] [Java] nccgroup/wcfdser-ngng A Burp Extender plugin, that will make binary soap objects readable and modifiable.
[15星][4m] [Java] twelvesec/jdser-dcomp A Burp Extender plugin that will allow you to tamper with requests containing compressed, serialized java objects.
[10星][2y] [Py] sahildhar/burpextenderpractise burp extender practise
[6星][2y] [Java] secureskytechnology/burpextender-proxyhistory-webui Burp Extender . Proxy History viewer in Web UI
[4星][2y] [Java] pentestpartners/fista A Burp Extender plugin allowing decoding of fastinfoset encoded communications.
[3星][6y] [Java] directdefense/noncetracker A Burp extender module that tracks and updates nonce values per a specific application action.

文章

2017.05 [trustwave] Airachnid: Web Cache Deception Burp Extender
2014.08 [liftsecurity] Burp Extender With Scala
2013.12 [directdefense] Multiple NONCE (one-time token) Value Tracking with Burp Extender
2009.04 [portswigger] Using Burp Extender | Blog
2008.11 [portswigger] [MoBP] Burp Extender extended | Blog

Macros

工具

[7星][2y] [Java] pajswigger/add-request-to-macro Burp extension to add a request to a macro

文章

2019.01 [aliyun] 使用Burp Suite 宏自动化处理 Session 会话
2018.12 [parsiya] Tiredful API - Part 1 - Burp Session Validation with Macros
2018.12 [4hou] 通过Burp Macros自动化平台对Web应用的模糊输入进行处理
2018.12 [parsiya] Tiredful API. Part1: 使用宏验证Burp会话
2017.12 [freebuf] 经验分享 | Burpsuite中宏的使用
2017.09 [freebuf] 如何通过BurpSuiteMacro自动化模糊测试Web应用的输入点
2017.02 [cyberis] Creating Macros for Burp Suite
2015.12 [blackhillsinfosec] Using Simple Burp Macros to Automate Testing
2015.11 [gracefulsecurity] Burp Macros: Automatic Re-authentication
2011.03 [portswigger] Burp v1.4 preview - Macros | Blog

Extractor

2018.08 [4hou] Burp Extractor扩展工具介绍
2018.08 [aliyun] BurpSuite Extender之巧用Marco和Extractor绕过Token限制
2018.08 [netspi] Introducing Burp Extractor

Spider

2017.07 [360] BurpSuite插件：利用BurpSuite Spider收集子域名和相似域名
2017.07 [polaris] BurpSuite插件：利用BurpSuite Spider收集子域名和相似域名
2017.06 [hackingarticles] How to Spider Web Applications using Burpsuite
2017.02 [HackingMonks] Web Spidering (Manual and Automated with Burp Suite)
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool - 05 - Target and Spider

平台

Web

WAF

工具

[421星][10m] [Java] nccgroup/burpsuitehttpsmuggler A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
[269星][3y] [Java] codewatchorg/bypasswaf Add headers to all Burp requests to bypass some WAF products
[8星][7m] [Py] bao7uo/waf-cookie-fetcher WAF Cookie Fetcher is a Burp Suite extension written in Python, which uses a headless browser to obtain the values of WAF-injected cookies which are calculated in the browser by client-side JavaScript code and adds them to Burp's cookie jar. Requires PhantomJS.

文章

2018.11 [4hou] 利用burp插件Hackvertor绕过waf并破解XOR加密
2017.10 [4hou] Bypass WAF：使用Burp插件绕过一些WAF设备
2015.06 [freebuf] 可绕过WAF的Burp Suite插件 – BypassWAF

HTTP/HTTPS

工具

[403星][5m] [Java] nccgroup/autorepeater Automated HTTP Request Repeating With Burp Suite
[396星][21d] [Java] portswigger/http-request-smuggler an extension for Burp Suite designed to help you launch HTTP Request Smuggling attack
[391星][11d] [Kotlin] portswigger/turbo-intruder a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
[240星][2m] [Py] m4ll0k/burpsuite-secret_finder Burp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response.
[128星][15d] [Py] redhuntlabs/burpsuite-asset_discover Burp Suite extension to discover assets from HTTP response.
[103星][2y] [Java] gosecure/csp-auditor Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
[69星][12d] [Java] c0ny1/httpheadmodifer 一款快速修改HTTP数据包头的Burp Suite插件
[54星][6m] [Py] gh0stkey/jsonandhttpp Burp Suite Plugin to convert the json text that returns the body into HTTP request parameters.
[51星][2y] [Java] netspi/burpextractor A Burp extension for generic extraction and reuse of data within HTTP requests and responses.
[33星][12m] twelvesec/bearerauthtoken This burpsuite extender provides a solution on testing Enterprise applications that involve security Authorization tokens into every HTTP requests.Furthermore, this solution provides a better approach to solve the problem of Burp suite automated scanning failures when Authorization tokens exist.
[30星][7m] [Java] bit4woo/burp-api-drops burp suite API 处理http请求和响应的基本流程
[29星][2m] [Java] ibey0nd/nstproxy 一款存储HTTP请求入库的burpsuite插件
[13星][5y] [Py] enablesecurity/identity-crisis A Burp Suite extension that checks if a particular URL responds differently to various User-Agent headers
[11星][3y] [Ruby] crashgrindrips/burp-dump A Burp plugin to dump HTTP(S) requests/responses to a file system
[8星][2y] [Py] andresriancho/burp-proxy-search Burp suite HTTP history advanced search
[8星][7y] [Java] cyberisltd/post2json Burp Suite Extension to convert a POST request to JSON message, moving any .NET request verification token to HTTP headers if present
[8星][3y] [Java] eonlight/burpextenderheaderchecks A Burp Suite Extension that adds Header Checks and other helper functionalities
[6星][2y] [Java] stackcrash/burpheaders Burp extension for checking optional headers
[6星][2m] [Java] iamaldi/rapid Rapid is a Burp extension that enables you to save HTTP Request / Response to file in a user friendly text format a lot faster.
[5星][3y] [Py] floyd-fuh/burp-collect500 Burp plugin that collects all HTTP 500 messages
[3星][2y] [Py] externalist/aes-encrypt-decrypt-burp-extender-plugin-example A POC burp extender plugin to seamlessly decrypt/encrypt encrypted HTTP network traffic.

文章

2019.08 [chawdamrunal] How i exploit out-of-band resource load (HTTP) using burp suite extension plugin (taborator)
2019.06 [infosecinstitute] Intercepting HTTPS traffic with Burp Suite
2019.01 [nxadmin] Android 7.0+手机burpsuite抓包https
2018.12 [ecforce] 创建Burp扩展, 使用HMAC签名替换HTTP Header
2018.06 [NetworkHeros] Ethical Hacking (CEHv10) :Intercept HTTPS (SSL) traffic with Burpsuite
2018.02 [nxadmin] ios 11.2.5 burpsuite抓https
2018.01 [freebuf] 经验分享 | Burpsuite抓取非HTTP流量
2017.12 [freebuf] 如何使用Burp和Magisk在Android 7.0监测HTTPS流量
2017.12 [nviso] Intercepting HTTPS Traffic from Apps on Android 7+ using Magisk & Burp
2017.12 [4hou] 如何使用 Burp 代理调试安卓应用中的 HTTP(S) 流量
2017.11 [nxadmin] burpsuite抓包https请求相关
2017.03 [HackingMonks] HTTP Header Injection (Mannual and Burpsuite)
2017.03 [HackingMonks] BurpSuite HTTPS proxy setting (Install CA certificates)
2017.01 [hackingarticles] Hack the Basic HTTP Authentication using Burpsuite
2016.09 [freebuf] 新手教程：如何使用Burpsuite抓取手机APP的HTTPS数据
2015.10 [g0tmi1k] DVWA Brute Force (Low Level) - HTTP GET Form [Hydra, Patator, Burp]
2014.06 [robert] Howto install and use the Burp Suite as HTTPS Proxy on Ubuntu 14.04
2014.06 [sensepost] Associating an identity with HTTP requests – a Burp extension
2014.02 [trustwave] “Reversing” Non-Proxy Aware HTTPS Thick Clients w/ Burp
2013.10 [agarri] Exploiting WPAD with Burp Suite and the "HTTP Injector" extension
2013.10 [agarri] Exploiting WPAD with Burp Suite and the "HTTP Injector" extension
2013.02 [freebuf] Burpsuite教程与技巧之HTTP brute暴力破解
2013.02 [freebuf] AuthTrans(原创工具)+BurpSuite的暴力美学-破解Http Basic认证
2012.12 [freebuf] iPhone上使用Burp Suite捕捉HTTPS通信包方法

XSS

工具

[308星][1y] [Java] elkokc/reflector Burp 插件，浏览网页时实时查找反射 XSS
[306星][3y] [Java] nvisium/xssvalidator This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
[166星][4m] [Py] wish-i-was/femida Automated blind-xss search for Burp Suite
[102星][1y] [Java] mystech7/burp-hunter XSS Hunter Burp Plugin
[48星][11d] [Py] bitthebyte/bitblinder Burp extension helps in finding blind xss vulnerabilities
[34星][3y] [Py] attackercan/burp-xss-sql-plugin Burp plugin which I used for years which helped me to find several bugbounty-worthy XSSes, OpenRedirects and SQLi.
[34星][2m] [JS] psych0tr1a/elscripto XSS explot kit/Blind XSS framework/BurpSuite extension
[29星][3y] [Java] portswigger/xss-validator This is a burp intruder extender that is designed for automation and validation of XSS vulnerabilities.
[24星][23d] [Py] jiangsir404/xss-sql-fuzz burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz
- 重复区段: Fuzz->工具 |SQL->工具 |
[23星][3m] [Py] hpd0ger/supertags 一个Burpsuite插件，用于检测隐藏的XSS
[2星][3m] [Java] conanjun/xssblindinjector burp插件，实现自动化xss盲打以及xss log

文章

2018.05 [freebuf] Burp Xss Scanner插件开发思路分享（附下载）
2017.08 [4hou] 如何使用Burp Suite模糊测试SQL注入、XSS、命令执行漏洞
2017.07 [hackingarticles] Fuzzing SQL,XSS and Command Injection using Burp Suite
2017.04 [freebuf] 如何通过BurpSuite检测Blind XSS漏洞
2017.04 [agarri] Exploiting a Blind XSS using Burp Suite
2017.04 [agarri] Exploiting a Blind XSS using Burp Suite
2015.12 [toolswatch] Sleepy Puppy Burp Extension for XSS v1.0
2014.01 [nvisium] Accurate XSS Detection with BurpSuite and PhantomJS
2013.07 [cyberis] Testing .NET MVC for JSON Request XSS - POST2JSON Burp Extension

CSRF

工具

[12星][2y] [Java] ah8r/csrf CSRF Scanner Extension for Burp Suite Pro

文章

2018.01 [4hou] 如何绕过csrf保护，并在burp suite中使用intruder？
2017.09 [securestate] Updating Anti-CSRF Tokens in Burp Suite
2017.09 [securestate] Updating Anti-CSRF Tokens in Burp Suite
2017.01 [360] 使用Burp的intruder功能测试有csrf保护的应用程序
2016.06 [securityblog] Using Burp Intruder to Test CSRF Protected Applications
2015.11 [gracefulsecurity] Burp Suite vs CSRF Tokens: Round Two
2015.11 [gracefulsecurity] Burp Suite vs CSRF Tokens Part 2: CSRFTEI for Remote Tokens
2015.11 [gracefulsecurity] Burp Suite vs CSRF Tokens
2015.11 [gracefulsecurity] Burp Suite vs CSRF Tokens: CSRFTEI
2014.07 [notsosecure] Pentesting Web Service with anti CSRF token using BurpPro
2014.02 [nvisium] Using Burp Intruder to Test CSRF Protected Applications
2012.09 [trustwave] Adding Anti-CSRF Support to Burp Suite Intruder
2012.05 [edge] Testing CSRF aware webapps with Burp

REST

工具

[307星][1y] [Java] vmware/burp-rest-api REST/JSON API to the Burp Suite security tool.
[47星][1y] [Ruby] pentestgeek/burpcommander Ruby command-line interface to Burp Suite's REST API
[35星][7y] [Java] continuumsecurity/resty-burp REST/JSON interface to Burp Suite
[34星][3m] [Py] dionach/headersanalyzer Burp extension that checks for interesting and security headers
[13星][11m] [Py] anandtiwarics/python-burp-rest-api Python Package for burprestapi

文章

2018.12 [mindpointgroup] REST Assured: Penetration Testing REST APIs Using Burp Suite: Part 3 – Reporting
2018.11 [mindpointgroup] 使用Burp对REST API进行渗透测试. Part2
2018.11 [mindpointgroup] 使用Burp Suite对REST API进行渗透测试. Part1:介绍与配置
2018.11 [doyensec] Introducing burp-rest-api v2

JWT

工具

[112星][9d] [Java] ozzi-/jwt4b JWT Support for Burp
[22星][1m] [Java] portswigger/json-web-tokens JWT Support for Burp
[7星][1m] [Java] lorenzog/burpaddcustomheader A Burp Suite extension to add a custom header (e.g. JWT)

文章

2017.05 [compass] JWT Burp Extension

Windows

文章

2018.03 [nviso] Intercepting Belgian eID (PKCS#11) traffic with Burp Suite on OS X / Kali / Windows
2017.02 [HackingMonks] Burp Suite complete Version (Windows installation)
2016.02 [parsiya] Installing Burp Certificate Authority in Windows Certificate Store

Linux

文章

2018.03 [nviso] Intercepting Belgian eID (PKCS#11) traffic with Burp Suite on OS X / Kali / Windows

Apple

文章

2018.03 [nviso] Intercepting Belgian eID (PKCS#11) traffic with Burp Suite on OS X / Kali / Windows
2016.08 [bogner] Burp.app – Making Burp a little more OS X like
2015.12 [nabla] Burp and iOS 9 App Transport Security
2014.08 [appsecconsulting] Running Stubborn Devices Through Burp Suite via OSX Mountain Lion and Above

Android

工具

[282星][3y] [Java] mateuszk87/badintent Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite
[12星][21d] [JS] shahidcodes/android-nougat-ssl-intercept It decompiles target apk and adds security exception to accept all certificates thus making able to work with Burp/Charles and Other Tools

文章

2019.06 [bugbountywriteup] Digging Android Applications — Part 1 — Drozer + Burp
2018.12 [doyler] Proxy Android Apps through Burp for Mobile Assessments
2018.01 [nviso] 结合使用 Burp 与自定义 rootCA 来探查 Android N 网络流量
2018.01 [freebuf] 如何在Android Nougat中正确配置Burp Suite？
2018.01 [ropnop] Configuring Burp Suite with Android Nougat
2017.12 [aliyun] 安卓脱壳&&协议分析&&Burp辅助分析插件编写
2016.11 [nxadmin] Burpsuite抓包Android模拟器(AVD)设置
2014.01 [nvisium] Android Assessments with GenyMotion + Burp
2012.08 [freebuf] Burp Suite V1.4.12发布: 新增破解Android SSL功能
2012.08 [toolswatch] Burp Suite v1.4.12 in the wild with the support of Android SSL Analysis

Cloud

工具

[293星][9d] [Py] rhinosecuritylabs/iprotate_burp_extension Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.
[178星][2y] [Py] virtuesecurity/aws-extender a Burp plugin to assess permissions of cloud storage containers on AWS, Google Cloud and Azure.
[47星][3m] [Java] netspi/awssigner Burp Extension for AWS Signing

漏洞

工具

[691星][11m] [Java] vulnerscom/burp-vulners-scanner Burp扫描插件，基于vulners.com搜索API
[401星][2y] [Java] federicodotta/java-deserialization-scanner All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
[140星][2m] [JS] h3xstream/burp-retire-js Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.
[131星][2y] [Java] yandex/burp-molly-scanner Turn your Burp suite into headless active web application vulnerability scanner
[104星][6m] [Py] kapytein/jsonp a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies.
[104星][2y] [Java] spiderlabs/airachnid-burp-extension A Burp Extension to test applications for vulnerability to the Web Cache Deception attack
[81星][10m] [Py] nccgroup/argumentinjectionhammer A Burp Extension designed to identify argument injection vulnerabilities.
[75星][4y] [Java] directdefense/superserial SuperSerial - Burp Java Deserialization Vulnerability Identification
[74星][5y] [Py] integrissecurity/carbonator The Burp Suite Pro extension that automates scope, spider & scan from the command line.
[65星][2y] [Py] capt-meelo/telewreck A Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248.
[59星][3y] [Java] vulnerscom/burp-dirbuster Dirbuster plugin for Burp Suite
[57星][3y] [Java] linkedin/sometime A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities
[56星][2y] [Java] bigsizeme/burplugin-java-rce Burp plugin, Java RCE
[47星][2y] [Java] portswigger/httpoxy-scanner A Burp Suite extension that checks for the HTTPoxy vulnerability.
[39星][3y] [Java] directdefense/superserial-active SuperSerial-Active - Java Deserialization Vulnerability Active Identification Burp Extender
[35星][3y] [Py] thomaspatzke/burp-sessionauthtool Burp plugin which supports in finding privilege escalation vulnerabilities
[30星][29d] [Py] portswigger/wordpress-scanner Find known vulnerabilities in WordPress plugins and themes using Burp Suite proxy. WPScan like plugin for Burp.
[25星][3y] [Java] vankyver/burp-vulners-scanner Burp scanner plugin based on Vulners.com vulnerability database
[23星][3y] [Java] vah13/burpcrlfplugin Another plugin for CRLF vulnerability detection
[11星][10d] [Java] codewatchorg/burp-indicatorsofvulnerability Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack
[4星][2y] [Java] codedx/burp-extension Burp Suite plugin to send data to Code Dx software vulnerability management system
[2星][1y] [Java] moeinfatehi/cvss_calculator CVSS Calculator - a burp suite extension for calculating CVSS v2 and v3 scores of vulnerabilities.
[2星][4y] [Java] thec00n/dradis-vuln-table Dradis Vuln Table extension for Burp suite
[1星][2y] [Java] rammarj/burp-header-injector Burp Free plugin to test for host header injection vulnerabilities. (Development)

文章

2020.01 [freebuf] 挖洞经验 | 用BurpSuite实现越权漏洞（IDOR）的自动发现识别
2019.03 [int0x33] Day 82: Hunting for Vulnerabilities in Android Apps with Burp and APK Tools
2019.01 [sans] Extending Burp to Find Struts and XXE Vulnerabilities
2018.09 [4hou] 使用Burp和Ysoserial实现Java反序列化漏洞的盲利用
2018.05 [thief] burpsuite插件开发之检测越权访问漏洞
2018.01 [security] Burp WP - Find vulnerabilities in WordPress using Burp
2017.12 [avleonov] Vulners.com vulnerability detection plugins for Burp Suite and Google Chrome
2017.09 [aliyun] 请问能burpsuite的插件中直接获取到直接获取到漏洞报告吗？
2017.08 [freebuf] HUNT：一款可提升漏洞扫描能力的BurpSuite漏洞扫描插件
2017.07 [freebuf] Burp Suite扫描器漏洞扫描功能介绍及简单教程
2017.07 [hackingarticles] Vulnerability Analysis in Web Application using Burp Scanner
2017.07 [vulners] 2 years of Vulners and new plugin for Burp Scanner
2017.06 [4hou] 使用 Burp Infiltrator 进行漏洞挖掘
2017.06 [4hou] 将Burp Scanner漏洞结果转换为Splunk事件
2017.02 [HackingMonks] Website Vulnerability Scanning Burp Suite in Kali Linux
2015.12 [mediaservice] Scanning for Java Deserialization Vulnerabilities in web applications with Burp Suite
2015.08 [freebuf] 本地文件包含漏洞检测工具 – Burp国产插件LFI scanner checks
2013.08 [freebuf] BurpSuite权限提升漏洞检测插件——The Burp SessionAuth
2013.08 [toolswatch] The Burp SessionAuth – Extension for Detection of Possible Privilege escalation vulnerabilities

扫描

工具

[553星][4m] [Java] wagiro/burpbounty is a extension of Burp Suite to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
[449星][8m] [Py] albinowax/activescanplusplus ActiveScan++ Burp Suite Plugin
[308星][10d] [Java] c0ny1/passive-scan-client Burp被动扫描流量转发插件
[253星][11d] [Py] initroot/burpjslinkfinder Burp Extension for a passive scanning JS files for endpoint links.
[231星][8m] [Perl] modzero/mod0burpuploadscanner HTTP file upload scanner for Burp Proxy
[189星][15d] [Perl] portswigger/upload-scanner HTTP file upload scanner for Burp Proxy
[42星][2y] [Py] modzero/interestingfilescanner Burp extension to scans for interesting files and directories
[40星][1y] [Py] luh2/detectdynamicjs Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and aid in finding user/session data.
[37星][1y] [Java] augustd/burp-suite-error-message-checks Burp Suite extension to passively scan for applications revealing server error messages
[36星][5m] [Py] arbazkiraak/burpblh 使用IScannerCheck发现被劫持的损坏链接. Burp插件
[35星][8m] [Py] portswigger/active-scan-plus-plus ActiveScan++ Burp Suite Plugin
[34星][4y] [Py] politoinc/yara-scanner Yara intergrated into BurpSuite
[34星][6m] [Py] portswigger/js-link-finder Burp Extension for a passive scanning JS files for endpoint links.
[30星][24d] [Java] portswigger/scan-check-builder a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.
[27星][6y] [Py] opensecurityresearch/custompassivescanner A Custom Scanner for Burp
[27星][4m] [Java] mirfansulaiman/customheader This Burp Suite extension allows you to customize header with put a new header into HTTP REQUEST BurpSuite (Scanner, Intruder, Repeater, Proxy History)
[24星][3y] [Py] silentsignal/activescan3plus Modified version of ActiveScan++ Burp Suite extension
[23星][11m] [BitBake] ghsec/bbprofiles a extension of Burp Suite that improve an active and passive scanner by yourself
[21星][2y] [Py] unamer/ctfhelper A simple Burp extension for scanning stuffs in CTF
[21星][4y] [Py] f-secure/headless-scanner-driver A Burp Suite extension that starts scanning on requests it sees, and dumps results on standard output
[20星][5m] [Java] aress31/flarequench Burp Suite plugin that adds additional checks to the passive scanner to reveal the origin IP(s) of Cloudflare-protected web applications.
[19星][8m] [Java] thomashartm/burp-aem-scanner Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common misconfigurations and security holes.
[18星][9d] [Java] augustd/burp-suite-software-version-checks Burp extension to passively scan for applications revealing software version numbers
[18星][4y] codewatchorg/burp-yara-rules Yara rules to be used with the Burp Yara-Scanner extension
[18星][2m] [BitBake] sy3omda/burp-bounty is extension of Burp Suite that improve Burp scanner.
[13星][11m] [Py] thomaspatzke/burp-missingscannerchecks Collection of scanner checks missing in Burp
[10星][4y] [Java] augustd/burp-suite-token-fetcher Burp Extender to add unique form tokens to scanner requests.
[10星][2y] [Java] securifybv/phpunserializecheck PHP Unserialize Check - Burp Scanner Extension
[10星][2m] [Java] veggiespam/imagelocationscanner Scan for GPS location exposure in images with this Burp & ZAP plugin.
[7星][3y] [Py] luh2/pdfmetadata The PDF Metadata Burp Extension provides an additional passive Scanner check for metadata in PDF files.
[7星][23d] [Java] parsiya/bug-diaries A extension for Burp's free edition that mimics the pro edition's custom scan issues.
[5星][4y] [Java] eganist/burp-issue-poster This Burp Extension is intended to post to a service the details of an issue found either by active or passive scanning
[4星][4y] [Ruby] blazeinfosec/activeevent ActiveEvent is a Burp plugin that integrates Burp Scanner and Splunk events
[3星][2y] [Java] alexlauerman/incrementmeplease Burp extension to increment a parameter in each active scan request
[2星][5y] [Shell] evilpacket/bower-burp-static-analysis Nov 2014 scan of bower using burp suite static analysis engine
[2星][10m] [Py] jamesm0rr1s/burpsuite-add-and-track-custom-issues Add & Track Custom Issues is a Burp Suite extension that allows users to add and track manual findings that the automated scanner was unable to identify.
[1星][8m] [Java] bort-millipede/burp-batch-report-generator Small Burp Suite Extension to generate multiple scan reports by host with just a few clicks. Works with Burp Suite Professional only.
[1星][1y] [Java] logicaltrust/burpexiftoolscanner Burp extension, reads metadata using ExifTool
[1星][2y] [Java] moradotai/cms-scan An active scan extension for Burp that provides supplemental coverage when testing popular content management systems.
[0星][11m] [Java] xorrbit/burp-nessusloader Burp Suite extension to import detected web servers from a Nessus scan xml file (.nessus)

文章

2019.10 [trustfoundry] Scanning At Scale: Burp Suite Enterprise Edition
2019.05 [web] Scanning TLS Server Configurations with Burp Suite
2018.08 [jerrygamblin] Bulk Bug Bounty Scanning With The Burp 2.0 API
2018.02 [ZeroNights] [Defensive Track]Eldar Zaitov, Andrey Abakumov - Automation of Web Application Scanning With Burp
2017.08 [360] Burp Suite扩展之Java-Deserialization-Scanner
2017.07 [intrinsec] Burp extension « Scan manual insertion point »
2017.05 [moxia] 【技术分享】Burp Suite扩展开发之Shodan扫描器（已开源）
2016.12 [360] Burp Suite扩展开发之Shodan扫描器（已开源）
2016.11 [jerrygamblin] Automated Burp Suite Scanning and Reporting To Slack.
2016.04 [freebuf] 针对非Webapp测试的Burp技巧（二）：扫描、重放
2016.03 [parsiya] Thick Client Proxying - Part 2: Burp History, Intruder, Scanner and More
2016.03 [parsiya] Thick Client Proxying - Part 2: Burp History, Intruder, Scanner and More
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool - 06 - Sequencer and Scanner
2015.10 [freebuf] J2EEScan：J2EE安全扫描（Burp插件）
2012.12 [portswigger] Sample Burp Suite extension: custom scanner checks | Blog
2012.12 [portswigger] Sample Burp Suite extension: custom scan insertion points | Blog

Fuzz

工具

[211星][5m] [Java] h3xstream/http-script-generator ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks)
[63星][7m] [Py] pinnace/burp-jwt-fuzzhelper-extension Burp扩展, 用于Fuzzing JWT
[55星][3y] [Py] mseclab/burp-pyjfuzz Burp Suite plugin which implement PyJFuzz for fuzzing web application.
[42星][3y] team-firebugs/burp-lfi-tests Fuzzing for LFI using Burpsuite
[28星][3y] [Py] floyd-fuh/burp-httpfuzzer Burp plugin to do random fuzzing of HTTP requests
[24星][23d] [Py] jiangsir404/xss-sql-fuzz burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz
- 重复区段: 平台->Web->XSS->工具 |SQL->工具 |
[21星][7y] raz0r/burp-radamsa Radamsa fuzzer extension for Burp Suite
[18星][1y] [Py] mgeeky/burpcontextawarefuzzer BurpSuite's payload-generation extension aiming at applying fuzzed test-cases depending on the type of payload (integer, string, path; JSON; XML; GWT; binary) and following encoding-scheme applied originally.
[6星][29d] [Java] nscuro/bradamsa-ng Burp Suite extension for Radamsa-powered fuzzing with Intruder
[4星][2y] [Java] huvuqu/fuzz18plus Advance of fuzzing for Web pentest. Based on Burp extension, send HTTP request template out to Python fuzzer.
[1星][7m] [Kotlin] gosecure/burp-fuzzy-encoding-generator Quickly test various encoding for a given value in Burp Intruder

文章

2018.11 [d0znpp] Extending fuzzing with Burp by FAST
2017.09 [4hou] 利用Burp“宏”解决自动化 web fuzzer的登录问题
2017.09 [360] 如何使用Burp Suite Macros绕过防护进行自动化fuzz测试
2017.09 [securelayer7] 使用 Burp 的宏功能，实现 WebApp 输入 Fuzzing 的自动化
2017.09 [securelayer7] Automating Web Apps Input fuzzing via Burp Macros
2016.10 [code610] HTTP Server fuzzing with Burp
2013.10 [debasish] Fuzzing Facebook for $$$ using Burpy
2013.06 [raz0r] Radamsa Fuzzer Extension for Burp Suite
2012.11 [freebuf] 渗透测试神器Burp弹药扩充-fuzzdb
2010.09 [netspi] Fuzzing Parameters in CSRF Resistant Applications with Burp Proxy

SQL

工具

[393星][2y] [Py] rhinosecuritylabs/sleuthql Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
[237星][2y] [Java] difcareer/sqlmap4burp sqlmap embed in burpsuite
[186星][4m] [Py] codewatchorg/sqlipy Burp Suite 插件, 使用 SQLMap API 集成SQLMap
[156星][2m] trietptm/sql-injection-payloads SQL Injection Payloads for Burp Suite, OWASP Zed Attack Proxy,...
- 重复区段: Payload->工具 |
[120星][12d] [Java] c0ny1/sqlmap4burp-plus-plus 一款兼容Windows，mac，linux多个系统平台的Burp与sqlmap联动插件
[24星][23d] [Py] jiangsir404/xss-sql-fuzz burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz
- 重复区段: 平台->Web->XSS->工具 |Fuzz->工具 |
[24星][3m] [Py] portswigger/sqli-py a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.
[22星][8y] [Py] milo2012/burpsql Automating SQL injection using Burp Proxy Logs and SQLMap
[9星][1m] [Py] orleven/burpcollect 基于BurpCollector的二次开发，记录Burpsuite Site Map记录的里的数据包中的目录路径参数名信息，并存入Sqlite，并可导出txt文件。
[0星][3y] [Java] silentsignal/burp-sqlite-logger SQLite logger for Burp Suite
- 重复区段: 日志->工具 |

文章

2019.08 [nviso] Using Burp’s session Handling Rules to insert authorization cookies into Intruder, Repeater and even sqlmap
2018.11 [pediy] [原创]利用BurpSuite到SQLMap批量测试SQL注入
2018.05 [freebuf] Burpsuit结合SQLMapAPI产生的批量注入插件（X10）
2018.05 [freebuf] Burpsuit结合SQLMapAPI产生的批量注入插件
2018.04 [valeriyshevchenko] BurpSuit + SqlMap = One Love
2018.04 [freebuf] 关于Sql注入以及Burpsuite Intruders使用的一些浅浅的见解
2017.08 [freebuf] 使用Burp和自定义Sqlmap Tamper利用二次注入漏洞
2017.08 [4hou] 通过Burp以及自定义的Sqlmap Tamper进行二次SQL注入
2017.08 [360] 如何借助Burp和SQLMap Tamper利用二次注入
2017.08 [pentest] 使用 Burp 和自定义的Sqlmap Tamper 脚本实现 Second Order SQLi 漏洞利用
2017.03 [4hou] 利用Burp“宏”自动化另类 SQLi
2017.03 [freebuf] Burpsuite+SQLMAP双璧合一绕过Token保护的应用进行注入攻击
2017.03 [360] 使用burp macros和sqlmap绕过csrf防护进行sql注入
2017.01 [hackingarticles] Sql Injection Exploitation with Sqlmap and Burp Suite (Burp CO2 Plugin)
2017.01 [HackingMonks] Burpsuite - 1 (SQL injection,intercepting)
2016.11 [360] Burp Suite插件开发之SQL注入检测（已开源）
2016.11 [vkremez] Burp Suite and sqlmap
2016.05 [freebuf] BurpSuite日志分析过滤工具，加快SqlMap进行批量扫描的速度
2016.03 [freebuf] 如何编写burpsuite联动sqlmap的插件
2014.09 [freebuf] 渗透神器合体：在BurpSuite中集成Sqlmap
2014.08 [nvisium] iOS Assessments with Burp + iFunBox + SQLite
2013.04 [pediy] [原创]利用sqlmap和burpsuite绕过csrf token进行SQL注入
2013.02 [pentestlab] SQL Injection Authentication Bypass With Burp
2012.12 [freebuf] Burpsuite sqlmap插件
2012.11 [freebuf] Burp Suite—BLIND SQL INJECTION
2012.10 [] 使用BurpSuite来进行sql注入
2012.09 [freebuf] BurpSuite教程与技巧之SQL Injection
2012.06 [milo2012] Automating SQL Injection with Burp, Sqlmap and GDS Burp API
2012.06 [websec] Using Burp to exploit a Blind SQL Injection
2012.05 [freebuf] [技巧]使用Burpsuite辅助Sqlmap进行POST注入测试
2012.04 [firebitsbr] Pentest tool: Gason: A plugin to run sqlmap into burpsuite.
2011.05 [console] Web Hacking Video Series #1 Automating SQLi with Burp Extractor
2011.04 [depthsecurity] Blind SQL Injection & BurpSuite - Like a Boss

日志

工具

[523星][4m] [Py] romanzaikin/burpextension-whatsapp-decryption-checkpoint Burp extension to decrypt WhatsApp Protocol
[251星][2y] [Java] nccgroup/burpsuiteloggerplusplus Burp Suite Logger++: Log activities of all the tools in Burp Suite
[97星][2y] [Py] debasishm89/burpy parses Burp Suite log and performs various tests depending on the module provided and finally generate a HTML report.
[66星][4y] [Py] tony1016/burplogfilter A python3 program to filter Burp Suite log file.
[43星][1y] [Py] bayotop/sink-logger Burp扩展,无缝记录所有传递到已知JavaScript sinks的数据
[35星][25d] [Java] righettod/log-requests-to-sqlite BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.
[5星][7m] [Java] logicaltrust/burphttpmock This Burp extension provides mock responses based on the real ones.
[3星][1y] [Java] ax/burp-logs Logs is a Burp Suite extension to work with log files.
[0星][3y] [Java] silentsignal/burp-sqlite-logger SQLite logger for Burp Suite
- 重复区段: SQL->工具 |

Payload

工具

[441星][9d] [Java] bit4woo/recaptcha 自动识别图形验证码并用于burp intruder爆破模块的插件
[156星][2m] trietptm/sql-injection-payloads SQL Injection Payloads for Burp Suite, OWASP Zed Attack Proxy,...
- 重复区段: SQL->工具 |
[74星][2y] [Java] ikkisoft/bradamsa Burp Suite extension to generate Intruder payloads using Radamsa
[60星][1y] [Py] destine21/zipfileraider ZIP File Raider - Burp Extension for ZIP File Payload Testing
[55星][2y] [Java] righettod/virtualhost-payload-generator BURP extension providing a set of values for the HTTP request "Host" header for the "BURP Intruder" in order to abuse virtual host resolution.
[34星][11d] tdifg/payloads for burp
[20星][4m] thehackingsage/burpsuite BurpSuite Pro, Plugins and Payloads
[19星][5y] [Java] lgrangeia/aesburp Burp Extension to manipulate AES encrypted payloads
[12星][3m] [Java] tmendo/burpintruderfilepayloadgenerator Burp Intruder File Payload Generator
[10星][2y] antichown/burp-payloads Burp Payloads
[5星][4y] [Java] antoinet/burp-decompressor An extension for BurpSuite used to access and modify compressed HTTP payloads without changing the content-encoding.
[5星][5y] [Py] enablesecurity/burp-luhn-payload-processor A plugin for Burp Suite Pro to work with attacker payloads and automatically generate check digits for credit card numbers and similar numbers that end with a check digit generated using the Luhn algorithm or formula (also known as the "modulus 10" or "mod 10" algorithm).
[3星][7y] [Py] infodel/burp.extension-payloadparser Burp Extension for parsing payloads containing/excluding characters you provide.
[3星][2y] [Java] pan-lu/recaptcha A Burp Extender that auto recognize CAPTCHA and use for Intruder payload

文章

2018.02 [hackingarticles] Payload Processing Rule in Burp suite (Part 2)
2018.02 [hackingarticles] Payload Processing Rule in Burp suite (Part 1)
2018.01 [hackingarticles] Beginners Guide to Burpsuite Payloads (Part 2)
2018.01 [hackingarticles] Beginners Guide to Burpsuite Payloads (Part 1)
2012.10 [freebuf] Burp Suite PayLoad下载

开发与调试

工具

[150星][3y] [Java] mwielgoszewski/jython-burp-api Develop Burp extensions in Jython
[90星][11m] [Java] doyensec/burpdeveltraining Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"

文章

2020.01 [aliyun] 打造高度自定义的渗透工具-Burp插件开发（一）
2019.12 [parsiya] Developing and Debugging Java Burp Extensions with Visual Studio Code
2019.01 [freebuf] 详细讲解 | 利用python开发Burp Suite插件（二）
2019.01 [freebuf] 详细讲解 | 利用python开发Burp Suite插件（一）
2019.01 [4hou] 利用Python编写具有加密和解密功能的Burp插件（下）
2019.01 [4hou] 利用Python编写具有加密和解密功能的Burp插件（上）
2017.05 [elearnsecurity] Developing Burp Suite Extensions
2017.01 [polaris] BurpSuite插件开发Tips：请求响应参数的AES加解密
2016.06 [freebuf] BurpSuite插件开发Tips：请求响应参数的AES加解密
2016.04 [freebuf] Burpsuite插件开发（二）：信息采集插件
2016.02 [xxlegend] Burpsuite 插件开发之RSA加解密
2016.02 [xxlegend] Burpsuite 插件开发之RSA加解密
2016.01 [freebuf] Burpsuite插件开发之RSA加解密
2015.12 [nsfocus] Burpsuite插件开发之RSA加解密
2015.05 [netspi] Debugging Burp Extensions
2014.01 [sethsec] Writing and Debugging BurpSuite Extensions in Python
2013.12 [freebuf] Java编写代理服务器(Burp拦截Demo)一
2012.07 [console] Setting up a Burp development environment

爆破

工具

[291星][3m] [Java] c0ny1/jsencrypter 一个用于加密传输爆破的Burp Suite插件
[247星][13d] [Py] teag1e/burpcollector 通过BurpSuite来构建自己的爆破字典，可以通过字典爆破来发现隐藏资产。
[198星][9m] [Py] thekingofduck/burpfakeip 一个用于伪造ip地址进行爆破的Burp Suite插件
[128星][2m] cujanovic/content-bruteforcing-wordlist Wordlist for content(directory) bruteforce discovering with Burp or dirsearch

文章

2019.09 [BrokenSecurity] 036 part of Ethical Hacking - Burpsuite login bruteforce
2018.06 [bugbountywriteup] How to brute force efficiently without Burp Pro
2018.03 [HackerSploit] Web App Penetration Testing - #3 - Brute Force Attacks With Burp Suite
2016.09 [hackingarticles] Brute Force Website Login Page using Burpsuite (Beginner Guide)
2012.12 [pentestlab] Brute Force Attack With Burp

验证码

工具

[85星][2m] [Java] c0ny1/captcha-killer burp验证码识别接口调用插件

文章

2018.04 [freebuf] 实现一个简单的Burp验证码本地识别插件
2012.01 [idontplaydarts] Extending Burp Suite to solve reCAPTCHA

编码/解码

工具

[121星][3m] [Java] nccgroup/decoder-improved Improved decoder for Burp Suite
[83星][6y] [Py] mwielgoszewski/burp-protobuf-decoder A simple Google Protobuf Decoder for Burp
[77星][1y] [Java] bit4woo/u2c Unicode编码转中文的burp插件
[68星][3y] [Py] stayliv3/burpsuite-changeu burpsuite 插件。将返回值中的unicode明文
[36星][9y] [C#] gdssecurity/wcf-binary-soap-plug-in a Burp Suite plug-in designed to encode and decode WCF Binary Soap request and response data ("Content-Type: application/soap+msbin1)
[25星][12m] [Kotlin] gosecure/burp-ntlm-challenge-decoder Burp extension to decode NTLM SSP headers and extract domain/host information
[25星][4y] [Java] pokeolaf/pokemongodecoderforburp A simpe decoder to decode requests/responses made by PokemonGo in burp
[2星][2y] [Java] matanatr96/decoderproburpsuite Burp Suite Plugin to decode and clean up garbage response text
[0星][2y] [Java] adityachaudhary/phantom-cryptor Burp Suite extender to encrypt requests and decrypt response.
[0星][4y] [Java] luj1985/albatross XML Fast Infoset decoder for Burp Suite

文章

2018.01 [hackingarticles] Burpsuite Encoder & Decoder Tutorial
2017.03 [HackingMonks] Encoding and Decoding (Burp Suite Decoder)

认证/登录

工具

[350星][20d] [Py] securityinnovation/authmatrix AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.
[295星][1m] [Py] quitten/autorize Automatic authorization enforcement detection extension for burp suite written in Jython in order to ease application security people work and allow them perform an automatic authorization tests
[74星][6m] [Java] nccgroup/berserko Burp Suite extension to perform Kerberos authentication
[40星][7y] [Java] wuntee/burpauthzplugin Burp plugin to test for authorization flaws
[9星][1y] [Java] sampsonc/authheaderupdater Burp extension to specify the token value for the Authenication header while scanning.
[0星][2y] [Java] insighti/burpamx AMX Authorization Burp Suite Extension

文章

2018.11 [vanimpe] Hunt for devices with default passwords (with Burp)
2018.06 [hackers] Online Password Cracking with THC-Hydra and BurpSuite
2018.02 [hackers] Online Password Cracking with THC-Hydra and Burp Suite
2017.10 [TechnoHacker] How to Crack Logins with Burp Suite
2017.08 [avleonov] Burp Suite Free Edition and NTLM authentication in ASP.net applications
2017.05 [4hou] NTLM认证失效时，如何使用Fiddler配合Burp Suite进行渗透测试？
2017.05 [mediaservice] NTLM认证失效时，如何使用Fiddler配合Burp Suite进行渗透测试？
2016.12 [hackers] Web App Hacking: Hacking Form Authentication with Burp Suite
2015.09 [NetSecNow] How To: Brute Forcing website logins with Hydra and Burpsuite in Kali Linux 2.0
2014.02 [silentsignal] Testing websites using ASP.NET Forms Authentication with Burp Suite

Brida

工具

[609星][1y] [Java] federicodotta/brida The new bridge between Burp Suite and Frida!

文章

2019.01 [pediy] [原创]Brida操作指南
2018.04 [mediaservice] Brida用户指南
2017.10 [mediaservice] Advanced mobile penetration testing with Brida – Slides HackInBo 2017 WE
2017.08 [freebuf] Brida：使用Frida进行移动应用渗透测试
2017.08 [360] 联合Frida和BurpSuite的强大扩展--Brida
2017.08 [4hou] Brida:将frida与burp结合进行移动app渗透测试
2017.07 [mediaservice] Brida 实战
2017.01 [freebuf] 使用Frida配合Burp Suite追踪API调用

代理

工具

[919星][3y] [Java] summitt/burp-non-http-extension Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.
[354星][2y] [Shell] koenbuyens/kalirouter 将 KaliLinux 主机转变为路由器，使用 Wireshark 记录所有的网络流量，同时将 HTTP/HTTPS 流量发送到其他主机的拦截代理（例如 BurpSuite）
[318星][1m] [Java] ilmila/j2eescan a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
[253星][2y] [Java] portswigger/collaborator-everywhere Burp Suite 扩展，通过注入非侵入性 headers 来增强代理流量，通过引起 Pingback 到 Burp Collaborator 来揭露后端系统
[230星][1y] [Py] audibleblink/doxycannon 为一堆OpenVPN文件分别创建Docker容器, 每个容器开启SOCKS5代理服务器并绑定至Docker主机端口, 再结合使用Burp或ProxyChains, 构建私有的Botnet
[151星][7m] [Py] kacperszurek/burp_wp Find known vulnerabilities in WordPress plugins and themes using Burp Suite proxy. WPScan like plugin for Burp.
[89星][8m] [Java] rub-nds/burpssoextension An extension for BurpSuite that highlights SSO messages in Burp's proxy window..
[73星][10d] [Py] jiangsir404/pbscan 基于burpsuite headless 的代理式被动扫描系统
[71星][4m] [Java] static-flow/burpsuite-team-extension This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes through your Burpsuite instance will be replicated in the history of the other testers and vice-versa!
[49星][2y] [Py] mrschyte/socksmon 使用 BURP 或 ZAP 的 TCP 拦截代理
[27星][2y] [Py] mrts/burp-suite-http-proxy-history-converter Python script that converts Burp Suite HTTP proxy history files to CSV or HTML
[26星][8m] [Java] static-flow/directoryimporter a Burpsuite plugin built to enable you to import your directory bruteforcing results into burp for easy viewing later. This is an alternative to proxying bruteforcing tools through burp to catch the results.
[13星][1y] [Java] retanoj/burpmultiproxy Burpsuite 切换代理插件
[11星][4y] [Py] vincd/burpproxypacextension Exemple d'extension Burp permettant d'utiliser les fichiers de configuration de proxy PAC
[5星][3y] [Java] mrts/burp-suite-http-proxy-history-viewer Burp Suite HTTP proxy history viewer
[5星][3y] [Java] netspi/jsws JavaScript Web Service Proxy Burp Plugin
[3星][2y] [Kotlin] pajswigger/filter-options Burp extension to filter OPTIONS requests from proxy history
[2星][1y] [Java] coastalhacking/burp-pac Burp Proxy Auto-config Extension

文章

2019.06 [NetworkHeros] Bug Bounty : BurpSuite Professional v2.0.11 Free and Set up for Proxy Intercept
2019.04 [parsiya] Hiding OPTIONS - An Adventure in Dealing with Burp Proxy in an Extension
2018.10 [valerio] MITM using arpspoof + Burp or mitmproxy on Kali Linux
2018.06 [NetworkHeros] Ethical Hacking (CEHv10): BurpSuite install and configure proxy
2017.04 [360] BurpSuite 代理设置的小技巧
2017.04 [blackhillsinfosec] Using Burp with ProxyCannon
2017.02 [polaris] 使用BurpSuite攻击JavaScript Web服务代理
2017.02 [freebuf] 使用Burpsuite代理和pypcap抓包进行抢红包的尝试
2016.08 [] Configuring Google Chrome to Proxy Through Burp Suite
2016.04 [freebuf] 针对非Webapp测试的Burp技巧(一)：拦截和代理监听
2016.04 [parsiya] Thick Client Proxying - Part 4: Burp in Proxy Chains
2016.04 [parsiya] Thick Client Proxying - Part 4: Burp in Proxy Chains
2016.04 [parsiya] Thick Client Proxying - Part 3: Burp Options and Extender
2016.04 [parsiya] Thick Client Proxying - Part 3: Burp Options and Extender
2016.03 [parsiya] Thick Client Proxying - Part 1: Burp Interception and Proxy Listeners
2016.03 [parsiya] Thick Client Proxying - Part 1: Burp Interception and Proxy Listeners
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool - 03 - Proxy Module
2015.12 [jerrygamblin] Proxying BurpSuite through TOR
2015.10 [parsiya] Proxying Hipchat Part 2: So You Think You Can Use Burp?
2014.01 [nvisium] Intro To Burp Suite Part I: Setting Up BurpSuite with Firefox and FoxyProxy
2013.05 [] Burp Suite处理“不支持代理”的客户端
2013.01 [rapid7] Video Tutorial: Introduction to Burp-Suite 1.5 Web Pen Testing Proxy

域/子域

工具

[383星][1m] [Java] bit4woo/domain_hunter 利用burp收集整个企业、组织的域名（不仅仅是单个主域名）的插件
[147星][8m] [Py] codingo/minesweeper A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
[133星][4m] [Py] prodigysml/dr.-watson a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information!
[17星][4m] [Java] phefley/burp-javascript-security-extension A Burp Suite extension which performs checks for cross-domain scripting against the DOM, subresource integrity checks, and evaluates JavaScript resources against threat intelligence data.

文章

2018.05 [pentestingexperts] Minesweeper – A Burpsuite plugin (BApp) to aid in the detection of cryptocurrency mining domains (cryptojacking)

工具

新添加

[740星][1y] [Java] d3vilbug/hackbar HackBar plugin for Burpsuite
[622星][11m] [Java] c0ny1/chunked-coding-converter Burp suite 分块传输辅助插件
[383星][3y] [Py] 0x4d31/burpa A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
[377星][4y] [JS] allfro/burpkit Next-gen BurpSuite penetration testing tool
[364星][2m] [Java] bit4woo/knife A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
[342星][3y] [Py] pathetiq/burpsmartbuster A Burp Suite content discovery plugin that add the smart into the Buster!
[315星][1y] [Java] ebryx/aes-killer Burp plugin to decrypt AES Encrypted traffic of mobile apps on the fly
[241星][4m] [Java] samlraider/samlraider SAML2 Burp Extension
[223星][14d] [Java] lilifengcode/burpsuite-plugins-usage Burpsuite-Plugins-Usage
[164星][7m] [Java] netspi/javaserialkiller Burp extension to perform Java Deserialization Attacks
[164星][3m] [Py] regala/burp-scope-monitor Burp Suite Extension to monitor new scope
[160星][1y] [Py] bayotop/off-by-slash Bupr扩展, 检测利用Nginx错误配置导致的重名遍历(alias traversal)
[151星][6m] [Java] netsoss/headless-burp Automate security tests using Burp Suite.
[138星][2y] [Java] netspi/wsdler WSDL Parser extension for Burp
[131星][9m] [Go] empijei/wapty Go语言编写的Burp的替代品。（已不再维护）
[124星][4y] [Py] moloch--/csp-bypass A Burp Plugin for Detecting Weaknesses in Content Security Policies
[119星][7y] [Py] meatballs1/burp-extensions Burp Suite Extensions
[112星][13d] [Java] x-ai/burpunlimitedre This project !replace! BurpUnlimited of depend (BurpSutie version 1.7.27). It is NOT intended to replace them!
[105星][4m] [Java] netspi/burp-extensions Central Repo for Burp extensions
[104星][2y] [Java] clr2of8/gathercontacts A Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results
[103星][9m] [Py] kibodwapon/noeye A blind mode exploit framework (a dns server and a web app) that like wvs's AcuMonitor Service or burpsuite's collabrator or cloudeye
[103星][4y] [Java] summitt/burp-ysoserial YSOSERIAL Integration with burp suite
[90星][3y] [Java] dobin/burpsentinel GUI Burp Plugin to ease discovering of security holes in web applications
[89星][9m] [Py] lopseg/jsdir a Burp Suite extension that extracts hidden paths from js files and beautifies it for further reading.
[88星][1y] [Py] nccgroup/blackboxprotobuf Blackbox protobuf is a Burp Suite extension for decoding and modifying arbitrary protobuf messages without the protobuf type definition.
[88星][2y] [Java] silentsignal/burp-image-size Image size issues plugin for Burp Suite
[86星][20d] [Py] leoid/matchandreplace Match and Replace script used to automatically generate JSON option file to BurpSuite
[85星][1m] [Go] root4loot/rescope defining scopes for Burp Suite and OWASP ZAP.
[84星][3m] [Java] jgillam/burp-paramalyzer Burp extension for parameter analysis of large-scale web application penetration tests.
[84星][2y] [Java] yandex/burp-molly-pack Security checks pack for Burp Suite
[73星][6y] [Java] irsdl/burpsuitejsbeautifier Burp Suite JS Beautifier
[73星][2y] [Java] spiderlabs/burplay a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid in searching for Privilege Escalation issues.
[70星][30d] [Py] ziirish/burp-ui a web-ui for burp backup written in python with Flask and jQuery/Bootstrap
[69星][5m] [Java] aress31/swurg Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments
[65星][2y] [Py] markclayton/bumpster The Unofficial Burp Extension for DNSDumpster.com
[58星][1y] [Java] portswigger/replicator Burp extension to help developers replicate findings from pen tests
[58星][6y] [Java] spiderlabs/burpnotesextension a plugin for Burp Suite that adds a Notes tab. The tool aims to better organize external files that are created during penetration testing.
[48星][2y] [java] anbai-inc/burpstart Burp 启动加载器
[48星][2y] [Java] inode-/attackselector Burp Suite Attack Selector Plugin
[47星][3m] [Py] hvqzao/report-ng Generate MS Word template-based reports with HP WebInspect / Burp Suite Pro input, own custom data and knowledge base.
[46星][1y] [Py] br3akp0int/gqlparser A repository for GraphQL Extension for Burp Suite
[46星][1y] [Java] secdec/attack-surface-detector-burp The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
[45星][1y] [Go] joanbono/gurp Burp Commander written in Go
[41星][1y] [Py] zynga/hiccup [DEPRECATED] Hiccup is a framework that allows the Burp Suite (a web application security testing tool,
[41星][1y] [Java] tijme/similar-request-excluder A Burp Suite extension that automatically marks similar requests as 'out-of-scope'.
[41星][12m] [PHP] spiderlabs/upnp-request-generator A tool to parse UPnP descriptor XML files and generate SOAP control requests for use with Burp Suite or netcat
[39星][10m] [Dockerfile] marco-lancini/docker_burp Burp Pro as a Docker Container
[39星][4m] [Py] zephrfish/burpfeed Hacked together script for feeding urls into Burp's Sitemap
[36星][2m] [Py] 0ang3el/unsafe-jax-rs-burp Burp Suite extension for JAX-RS
[36星][8y] [Py] gdssecurity/burpee Python object interface to requests/responses recorded by Burp Suite
[36星][1y] [Java] ikkisoft/blazer Burp Suite AMF Extension
[35星][2y] [Java] bit4woo/resign A burp extender that recalculate signature value automatically after you modified request parameter value.
[34星][2y] [Py] penafieljlm/burp-tracer BurpSuite 扩展。获取当前的站点地图，提取每个请求参数，并搜索存在请求参数值的回复
[33星][4y] [Py] peacand/burp-pytemplate Burp extension to quickly and easily develop Python complex exploits based on Burp proxy requests.
[33星][2m] [Java] rub-nds/tls-attacker-burpextension assist in the evaluation of TLS Server configurations with Burp Suite.
[33星][3y] [Go] tomsteele/burpstaticscan Use burp's JS static code analysis on code from your local system.
[32星][5y] [Java] malerisch/burp-csj BurpCSJ extension for Burp Pro - Crawljax Selenium JUnit integration
[30星][2y] [Py] aurainfosec/burp-multi-browser-highlighting Highlight Burp proxy requests made by different browsers
[30星][4y] [Py] carstein/burp-extensions Automatically exported from code.google.com/p/burp-extensions
[30星][7y] [Py] meatballs1/burp_jsbeautifier js-beautifier extension for Burp Suite
[29星][5y] [Java] burp-hash/burp-hash a Burp Suite plugin.
[29星][9m] [Java] hvqzao/burp-flow Extension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.
[29星][13d] [Java] silentsignal/burp-requests Copy as requests plugin for Burp Suite
[29星][4y] [Py] smeegesec/burp-importer Burp Suite Importer - Connect to multiple web servers while populating the sitemap.
[25星][2y] [Py] portswigger/burp-smart-buster A Burp Suite content discovery plugin that add the smart into the Buster!
[23星][2y] [Py] aur3lius-dev/spydir BurpSuite extension to assist with Automated Forced Browsing/Endpoint Enumeration
[23星][6m] [Py] elespike/burp-cph Custom Parameter Handler extension for Burp Suite.
[23星][2y] [Java] silentsignal/burp-uuid UUID issues for Burp Suite
[23星][2y] [Ruby] zidekmat/graphql_beautifier Burp Suite extension to help make Graphql request more readable
[22星][3m] [Java] ettic-team/endpointfinder-burp burp plugin to find endpoint
[22星][4y] [Swift] melvinsh/burptoggle Status bar application for OS X to toggle the state of the system HTTP/HTTPS proxy.
[21星][5y] [Java] khai-tran/burpjdser a Burp plugin that will deserialze/serialize Java request and response to and from XML with the use of Xtream library
[21星][3y] [Ruby] kingsabri/burp_suite_extension_ruby BurpSuite Extension Ruby Template to speed up building a Burp Extension using Ruby
[20星][3y] [Py] securitymb/burp-exceptions Simple trick to increase readability of exceptions raised by Burp extensions written in Python
[20星][30d] [Py] yeswehack/yesweburp YesWeHack Api Extension for Burp
[19星][9m] [Java] hvqzao/burp-wildcard Burp extension intended to compact Burp extension tabs by hijacking them to own tab.
[19星][4m] [Java] silentsignal/burp-json-jtree JSON JTree viewer for Burp Suite
[18星][7y] [Java] omercnet/burpjdser-ng BurpJDSer-ng
[18星][3m] [Py] xscorp/burpee A python module that accepts an HTTP request file and returns a dictionary of headers and post data
[17星][2y] [Visual Basic .NET] xcanwin/xburpcrack This is a tool to bypass the cracked version of the burpsuite_pro(Larry_Lau) certification deadline through time reversal.
[16星][4y] [Java] shengqi158/rsa-crypto-burp-extention burp 插件用于RSA 数据包加解密
[15星][2y] [Java] netspi/jsonbeautifier JSON Beautifier for Burp written in Java
[15星][29d] [Java] augustd/burp-suite-jsonpath JSONPath extension for BurpSuite
[15星][14d] [Java] m4ll0k/burpsuite-random_useragent Burp Suite extension for generate a random user-agents
[14星][5y] [Java] federicodotta/burpjdser-ng-edited Burp Suite plugin that allow to deserialize Java objects and convert them in an XML format. Unpack also gzip responses. Based on BurpJDSer-ng of omercnet.
[14星][2y] [Java] c0ny1/burp-cookie-porter 一个可快速“搬运”cookie的Burp Suite插件
[14星][1m] [Java] qdghj/burp_data_collector A Burp plugin that collects Burp request parameters, directories, paths and file names into the database for sorting
[13星][2m] [Java] ankokuty/belle Belle (Burp Suite 非公式日本語化ツール)
[13星][6y] [Java] ioactive/burpjdser-ng Allows you to deserialize java objects to XML and lets you dynamically load classes/jars as needed
[13星][9m] [Py] modzero/burp-responseclusterer Burp plugin that clusters responses to show an overview of received responses
[13星][8m] [Py] solomonsklash/sri-check A Burp Suite extension for identifying missing Subresource Integrity attributes.
[12星][1m] [Java] augustd/burp-suite-utils Utilities for creating Burp Suite Extensions.
[12星][2y] [Java] hvqzao/burp-token-rewrite Burp extension for automated handling of CSRF tokens
[12星][7y] [Py] infodel/burp.extension-googlehack Burp Suite Extension providing Google Hacking Interface
[12星][1y] [Java] moeinfatehi/admin-panel_finder A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)
[11星][6y] [Py] faffi/curlit Burp plugin to turn requests into curl commands
[11星][9y] [Java] gdssecurity/deflate-burp-plugin The Deflate Burp Plugin is a plug-in for Burp Proxy (it implements the IBurpExtender interface) that decompresses HTTP response content in the ZLIB (RFC1950) and DEFLATE (RFC1951) compression formats.
[11星][2y] [Java] gozo-mt/burplist A jython wordlist creator in-line with Burp-suite
[11星][3y] [Java] h3xstream/burp-image-metadata Burp and ZAP plugin that display image metadata (JPEG Exif or PNG text chunk).
[11星][6y] [Py] smeegesec/wsdlwizard WSDL Wizard is a Burp Suite plugin written in Python to detect current and discover new WSDL (Web Service Definition Language) files.
[11星][4y] [Java] monikamorrow/burp-suite-extension-examples Burp Suite starter example projects.
[10星][2y] [HTML] adriancitu/burp-tabnabbing-extension Burp Suite Professional extension in Java for Tabnabbing attack
[10星][2m] [Py] defectdojo/burp-plugin A Burp plugin to export findings to DefectDojo
[10星][2y] [Java] xxux11/burpheartbleedextension Burp Heartbleed Extension
[10星][5m] [Java] wrvenkat/burp-multistep-csrf-poc Burp extension to generate multi-step CSRF POC.
[9星][5y] [Java] allfro/dotnetbeautifier A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __VIEWSTATE).
[9星][4y] [Java] augustd/burp-suite-gwt-scan Burp Suite plugin identifies insertion points for GWT (Google Web Toolkit) requests
[9星][13d] [Java] aoncyberlabs/fastinfoset-burp-plugin Burp plugin to convert fast infoset (FI) to/from the text-based XML document format allowing easy editing
[8星][2y] [Java] rammarj/csrf-poc-creator A Burp Suite extension for CSRF proof of concepts.
[8星][14d] [Java] silentsignal/burp-cfurl-cache CFURL Cache inspector for Burp Suite
[8星][3m] [Py] fsecurelabs/timeinator Timeinator is an extension for Burp Suite that can be used to perform timing attacks over an unreliable network such as the internet.
[7星][5m] [Java] dibsy/staticanalyzer StaticAnalyzer is a burp plugin that can be used to perform static analysis of the response information from server during run time. It will search for specific words in the response that is mentioned in the vectors.txt
[7星][3y] [Ruby] dradis/burp-dradis Dradis Framework extension for Burp Suite
[7星][1y] [Java] fruh/extendedmacro ExtendedMacro - BurpSuite plugin providing extended macro functionality
[7星][2y] [Java] jgillam/serphper Serialized PHP toolkit for Burp Suite
[7星][2y] [Java] yehgdotnet/burp-extention-bing-translator Burp Plugin - Bing Translator
[7星][1y] chef-koch/windows-redstone-4-1803-data-analysis Explains the telemetry, opt-out methods and provides some Whireshark/Burp dumps in order to see what MS really transmit
[7星][9m] [Java] denniskniep/gqlraider GQL Burp Extension
[7星][22d] [Java] bytebutcher/burp-send-to Adds a customizable "Send to..."-context-menu to your BurpSuite.
[6星][5m] [Java] aress31/copy-as-powershell-requests Copy as PowerShell request(s) plugin for Burp Suite (approved by PortSwigger for inclusion in their official BApp Store).
[6星][2m] [Java] aress31/googleauthenticator Burp Suite plugin that dynamically generates Google 2FA codes for use in session handling rules (approved by PortSwigger for inclusion in their official BApp Store).
[6星][5m] [Py] maxence-schmitt/officeopenxmleditor Burp extension that add a tab to edit Office Open XML document (xlsx,docx,pptx)
[6星][2y] [Java] silentsignal/burp-commentator Generates comments for selected request(s) based on regular expressions
[6星][2y] [Java] silentsignal/burp-uniqueness Uniqueness plugin for Burp Suite
[6星][12m] raspberrypilearning/burping-jelly-baby Make a Jelly Baby burp by pressing it!
[6星][3m] [Java] neal1991/r-forwarder-burp The burp extension to forward the request
[5星][4y] [Py] cyberdefenseinstitute/burp-msgpack MessagePack converter
[5星][7y] [Py] mwielgoszewski/jython-burp-extensions Jython burp extensioins
[5星][2m] [Ruby] dradis/dradis-burp Burp Suite plugin for the Dradis Framework
[4星][2y] [Java] dannegrea/tokenjar Burp Suite extension. Useful for managing tokens like anti-CSRF, CSurf, Session values. Can be used to set params that require random numbers or params that are computed based on application response.
[4星][7y] [Py] dnet/burp-gwt-wrapper Burp Suite GWT wrapper
[4星][2y] [Ruby] geoffwalton/burp-command
[4星][14d] [Py] niemand-sec/burp-scan-them-all Small script for automatizing Burp with Carbonator and slack
[4星][2y] [Java] silentsignal/burp-git-version
[4星][5m] [Java] augustd/burp-suite-swaggy Burp Suite extension for parsing Swagger web service definition files
[4星][3y] [Java] jksecurity/burp_savetofile BurpSuite plugin to save just the body of a request or response to a file
[4星][8m] [Java] virusdefender/burptime Burp Show Response Time
[4星][2m] [Java] gdgd009xcd/automacrobuilder multi step request sequencer AutoMacroBuilder for burpsuite
[3星][9m] [Batchfile] jas502n/burpsuite_pro_v1.7.11-crack BurpSuite_pro_v1.7.11-Crack 破解版抓包神器
[3星][4y] [Py] mwielgoszewski/burp-jython-tab
[3星][20d] [Java] raise-isayan/bigipdiscover It becomes the extension of Burp suite. The cookie set by the BipIP server may include a private IP, which is an extension to detect that IP
[3星][2y] [Py] snoopysecurity/noopener-burp-extension Find Target="_blank" values within web pages that are set without 'noopener' and 'noreferrer' attributes
[3星][4y] [Py] vergl4s/signatures Length extension attacks in Burp Suite
[3星][3y] [Java] cnotin/burp-scan-manual-insertion-point Burp Suite Pro extension
[3星][11d] [Py] akabe1/upnp-bhunter Burp Suite Extension useful to inspect UPnP security
[3星][8m] [Py] solomonsklash/cookie-decrypter A Burp Suite Professional extension for decrypting/decoding various types of cookies.
[2星][1y] [Py] bao7uo/burpelfish BurpelFish - Adds Google Translate to Burp's Context Menu. "Babel Fish" language translation for app-sec testing in other languages.
[2星][2y] [Java] cornerpirate/demoextender Code used for a tutorial to get Netbeans GUI editor to work with a Burp Suite Extender
[2星][4y] [Py] d453d2/burp-jython-console Burp Suite extension to enable a Jython console - origin (
[2星][2y] [Py] dnet/burp-scripts Scripts I wrote to extend Burp Suite functionality
[2星][7y] [Py] meatballs1/burp_wicket_handler
[2星][3y] [Java] silentsignal/burp-json-array JSON Array issues plugin for Burp Suite
[2星][2y] stayliv3/burpsuite-magic 收集burpsuite插件，并对每个插件编写使用说明手册。
[2星][3y] [Ruby] thec00n/uploader Burp extension to test for directory traversal attacks in insecure file uploads
[2星][8y] [Java] thecao365/burp-suite-beautifier-extension burp-suite-beautifier-extension
[2星][3m] [Java] peachtech/peachapisec-burp Peach API Security Burp Integration
[2星][3m] [Java] parsiya/burp-sample-extension-java Sample Burp Extension in Java
[1星][3y] [Java] chris-atredis/burpchat burpChat is a BurpSuite plugin that enables collaborative BurpSuite usage using XMPP/Jabber.
[1星][3m] [Java] infobyte/faraday_burp Faraday Burp Extension
[1星][11m] [Java] jonluca/burp-copy-as-node Burp extension to copy a request as a node.js requests function
[1星][2y] [Java] sampsonc/perfmon Performance metrics for Burp Suite
[1星][3y] [Java] tagomaru/burp-extension-sync-parameter an extension to Burp Suite that provides a sync function for CSRF token parameter.
[1星][5m] [Py] bomsi/blockerlite Simple Burp extension to drop blacklisted hosts
[1星][4y] [Py] hvqzao/burp-csrf-handling CSRF tokens handling Burp extension
[1星][3m] [Java] sunny0day/burp-auto-drop Burp extension to automatically drop requests that match a certain regex.
[0星][4y] fbogner/burp.app A small AppleScript wrapper application around Burp.jar to make it more OS X like
[0星][1y] jgamblin/burptest
[0星][2y] kkirsche/burp_suite_lists Lists to use with Burp Suite
[0星][2y] [Java] silentsignal/burp-asn1 ASN.1 toolbox for Burp Suite
[0星][9m] [Java] celsogbezerra/copy-as-javascript-request Copy as JavaScript Request plugin for Burp Suite
[0星][1y] [Py] nagakm/throttler This extension is for Burpsuite
[0星][2y] [Py] nagakm/throttler This extension is for Burpsuite

文档

[736星][2y] [JS] xl7dev/burpsuite BurpSuite using the document and some extensions
[299星][1y] [Shell] yw9381/burp_suite_doc_zh_cn 这是基于Burp Suite官方文档翻译而来的中文版文档
[12星][3m] boreas514/burp-suite-2.0-chinese-document 中文版burp2.0官方文档

文章

新添加

2020.01 [portswigger] Burp Suite roadmap for 2020 | Blog - PortSwigger
2019.12 [aliyun] 如何利用xray、burp、lsc构成自动化挖src平台
2019.11 [parsiya] Swing in Python Burp Extensions - Part 3 - Tips and Tricks
2019.11 [parsiya] Swing in Python Burp Extensions - Part 2 - NetBeans and TableModels
2019.11 [parsiya] Swing in Python Burp Extensions - Part 1
2019.10 [parsiya] Quality of Life Tips and Tricks - Burp Suite
2019.10 [freebuf] 使用Burp拦截Flutter App与其后端的通信
2019.09 [BrokenSecurity] 033 part of Ethical Hacking - Editing packets in Burpsuite
2019.09 [BrokenSecurity] 032 part of Ethical Hacking - Burpsuite configuration
2019.09 [radekk] Firefox and Burp Suite — the most secure configuration
2019.07 [0x00sec] Doubt with header. Burp & Tamper
2019.06 [sirpwnalot] Hunting for Privilege Escalation with Burp Suite
2019.06 [appsecconsulting] Ten Useful Burp Suite Pro Extensions for Web Application Testing
2019.05 [d3adend] Argument Injection Hammer Burp Suite Extension
2019.05 [infosecaddicts] Burp Suite
2019.04 [parsiya] Disabling Burp's Update Screen - Part 1 - Analysis and Failures
2019.02 [infosecinstitute] Quick and Dirty BurpSuite Tutorial (2019 Update)
2019.02 [pentestpartners] Burp HMAC header extensions, a how-to
2018.12 [parsiya] Cryptography in Python Burp Extensions
2018.12 [parsiya] Python Utility Modules for Burp Extensions
2018.12 [parsiya] 使用Burp的网站地图比较功能, 检测强制浏览/访问控制/直接对象引用等问题
2018.12 [parsiya] Tiredful API - Part 2 - Comparing Site Maps with Burp
2018.11 [wallarm] FAST or Burp or both?
2018.11 [arbazhussain] Broken Link Hijacking Burp Plugin
2018.11 [jerrygamblin] Automatically Create Github Issues From Burp 2.0
2018.08 [portswigger] Burp Suite Enterprise Edition beta now available | Blog
2018.08 [portswigger] Burp's new crawler | Blog
2018.07 [cqureacademy] How To Burp With Confidence – Our 5 Favorite Features
2018.07 [freebuf] 使用VirtualBox，INetSim和Burp建立自己的恶意软件分析实验环境
2018.07 [web] Support for XXE attacks in SAML in our Burp Suite extension
2018.06 [finnwea] An efficiency improvement for Burp Suite
2018.06 [finnwea] An efficiency improvement for Burp Suite
2018.05 [hackerone] New Hacker101 Content: Threat modeling, Burp basics, and more
2018.04 [dustri] Confusing Burp's display with fake encoding
2018.03 [secureideas] Burp Suite continuing the Saga
2018.03 [blackhillsinfosec] Gathering Usernames from Google LinkedIn Results Using Burp Suite Pro
2018.02 [hackingarticles] Advance Web Application Testing using Burpsuite
2018.02 [HackerSploit] Web App Penetration Testing - #1 - Setting Up Burp Suite
2018.02 [hackingarticles] Engagement Tools Tutorial in Burp suite
2018.01 [360] 恶意软件逆向：burpsuite 序列号器后门分析
2018.01 [hackingarticles] WordPress Exploitation using Burpsuite (Burp_wp Plugin)
2018.01 [blackhillsinfosec] Analyzing Extension Effectiveness with Burp
2018.01 [4hou] 实战教程：用Burpsuite测试移动应用程序
2017.12 [freebuf] 经验分享 | Burpsuite插件的使用
2017.12 [picturoku] Burp... (excuse me) ...suite
2017.12 [freebuf] 新手福利 | Burpsuite你可能不知道的技巧
2017.12 [aliyun] 使用OWASP Zap度过没有Burp的过渡期
2017.12 [freebuf] 利用Burp Suite挖掘暗网服务的真实IP
2017.11 [n00py] Exploiting blind Java deserialization with Burp and Ysoserial
2017.10 [freebuf] 利用Burp Suite对OWASP Juice Shop进行渗透测试
2017.10 [gdssecurity] Pentesting Fast Infoset based web applications with Burp
2017.10 [d0znpp] The best Burp plugin I’ve ever seen
2017.10 [n00py] How to Burp Good
2017.09 [niemand] Automatizing Burp + Carbonator + Slack
2017.09 [trustwave] burplay介绍
2017.09 [initblog] Hacking a Pizza Order with Burp Suite
2017.09 [freebuf] 如何在特定的渗透测试中使用正确的Burp扩展插件
2017.08 [portswigger] 如何为特定的渗透测试环境定制 Burp 扩展
2017.08 [cybrary] Your Complete Guide to Burp Suite
2017.07 [hackerone] Hey Hackers: We’ve got your free Burp Suite Professional license right here
2017.07 [aliyun] Burpsuite handshake alert: unrecognized_name解决办法
2017.07 [4hou] 用VirtualBox、INetSim和Burp配置一个恶意软件分析实验室
2017.06 [portswigger] Behind enemy lines: bug hunting with Burp Infiltrator | Blog
2017.06 [christophetd] 使用 VirtualBox，INetSim和 Burp 搭建自己的恶意软件分析实验室
2017.05 [360] Burp Suite Mobile Assistant
2017.05 [netspi] Beautifying JSON in Burp
2017.04 [aliyun] Burp Suite收集到的录像、文档以及视频资料
2017.02 [zsec] Learning the Ropes 101: Burp Suite Intro
2017.02 [netspi] Attacking JavaScript Web Service Proxies with Burp
2017.02 [polaris] BurpSuite和Fiddler串联使用解决App测试漏包和速度慢的问题
2017.01 [securityinnovation] Solve the Software Security Authorization Testing Riddle with AuthMatrix for Burp Suite
2016.12 [polaris] BurpSuite插件分享：图形化重算sign和参数加解密插件
2016.12 [rapid7] Burp Series: Intercepting and modifying made easy
2016.12 [polaris] BurpSuite 实战指南
2016.12 [360] BurpSuite 实战指南（附下载地址）
2016.11 [freebuf] 渗透测试神器Burp Suite v1.7.08发布（含下载）
2016.10 [averagesecurityguy] Recon-ng + Google Dorks + Burp = ...
2016.10 [hackingarticles] SMS Bombing on Mobile using Burpsuite
2016.09 [hackingarticles] Hijacking Gmail Message on Air using Burpsuite
2016.09 [securify] Burp Suite security automation with Selenium and Jenkins
2016.09 [securityblog] Simple python script to make multiple raw requests from Burp
2016.07 [portswigger] Introducing Burp Infiltrator | Blog
2016.06 [insinuator] SAMLReQuest Burpsuite Extention
2016.05 [jerrygamblin] BurpBrowser
2016.05 [silentsignal] Detecting ImageTragick with Burp Suite Pro
2016.04 [portswigger] Introducing Burp Projects | Blog
2016.04 [breakpoint] Web Hacking with Burp Suite 101
2016.04 [hack] Advanced Burp Suite
2016.03 [freebuf] Burp Suite新手指南
2016.03 [portswigger] Using Burp Suite to audit and exploit an eCommerce application | Blog
2016.03 [freebuf] 渗透测试神器Burpsuite Pro v1.6.38（含下载）
2016.03 [360] 使用burp进行java反序列化攻击
2016.03 [netspi] Java Deserialization Attacks with Burp
2016.02 [] 对burpsuite_pro逆向的一点心得
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool - 00 - Intro
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool - 08 - Congrats
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool - 02 - General Concept
2016.02 [THER] Learn Burp Suite, the Nr. 1 Web Hacking Tool - 01 - Environment Setup
2016.02 [gracefulsecurity] Introduction to Burp Suite Pro
2016.02 [bishopfox] Burp, Collaborate, and Listen: A Pentester Reviews the Latest Burp Suite Addition
2016.02 [xxlegend] 如何让Burpsuite监听微信公众号
2016.01 [hack] Burp Suite For Beginners
2016.01 [blackhillsinfosec] Pentesting ASP.NET Cookieless Sessions with Burp
2015.12 [portswigger] Burp Clickbandit: A JavaScript based clickjacking PoC generator | Blog
2015.11 [gracefulsecurity] Burp Suite Extensions: Installing Jython and adding an Extension
2015.09 [freebuf] 渗透测试神器Burpsuite Pro v1.6.24（含下载）
2015.09 [freebuf] BurpSuite下一代渗透检测工具：BurpKit
2015.08 [portcullis] Burp Extension
2015.07 [secist] 使用burp进行java反序列化攻击
2015.07 [compass] SAML Burp Extension
2015.07 [nvisium] Intro to BurpSuite, Part VI: Burpsuite Sequencer
2015.07 [] 小技巧：Burp Suite 插件库 BApp Store
2015.06 [gracefulsecurity] Burp Suite Keyboard Shortcuts!
2015.06 [acunetix] Pre-seeding a crawl using output from Fiddler, Burp, Selenium and HAR files
2015.05 [idontplaydarts] Detecting low entropy tokens with massive bloom filters in Burp
2015.04 [mediaservice] Pentesting with Serialized Java Objects and Burp Suite
2014.12 [insinuator] Getting 20k Inline-QR-Codes out of Burp
2014.11 [liftsecurity] Static Analysis and Burp Suite
2014.10 [buer] Detecting Burp Suite – Part 2 of 3: Callback Exposure
2014.09 [compass] BurpSentinel on Darknet
2014.08 [nvisium] Intro to BurpSuite V: Extracting Intrusions
2014.08 [milo2012] Extended functionality for Burp Plugin – Carbonator
2014.07 [portswigger] Burp gets new JavaScript analysis capabilities | Blog
2014.07 [nvisium] Intro to BurpSuite Part IV: Being Intrusive
2014.07 [liftsecurity] Introducing Burpbuddy
2014.07 [buer] Detecting Burp Suite – Part 1 of 3: Info Leak
2014.06 [parsiya] Piping SSL/TLS Traffic from SoapUI to Burp
2014.05 [sans] Assessing SOAP APIs with Burp
2014.05 [nvisium] Intro to BurpSuite: Part III - It's all about Repetition!
2014.04 [freebuf] 国产BurpSuite 插件 Assassin V1.0发布
2014.03 [nvisium] Burp App Store
2014.02 [nvisium] Intro to Burp Part II: Sighting in your Burp Scope
2014.01 [sethsec] Re-launch - A focus on Web Application Pen Testing, Burp Extensions, etc
2013.12 [appsecconsulting] So You Want to Build a Burp Plugin?
2013.06 [sec] How to rapidly build a Burp session handling extension using JavaScript
2013.06 [freebuf] BurpSuite系列使用视频教程（下载）
2013.05 [] Burp通过注射点dump数据库
2013.05 [trustwave] Introducing the Burp Notes Extension
2013.03 [security] Penetration Test pWnOS v2.0 with BurpSuite
2013.03 [freebuf] 使用Burp攻击Web Services
2013.03 [netspi] Hacking Web Services with Burp
2013.01 [websecurify] Reading Burp Files From Websecurify Suite
2013.01 [netspi] Tool release: AMF Deserialize Burp plugin
2012.12 [pentestlab] Local File Inclusion Exploitation With Burp
2012.12 [portswigger] Sample Burp Suite extension: custom editor tab | Blog
2012.12 [portswigger] Writing your first Burp Suite extension | Blog
2012.12 [portswigger] New Burp Suite Extensibility | Blog
2012.11 [perezbox] Spoofing an Admin’s Cookies Using Burp
2012.11 [freebuf] Burp Suite免费版本（Free Edition）v1.5发布
2012.10 [] 利用burpsuite获得免费空间
2012.10 [netspi] Pentesting Java Thick Applications with Burp JDSer
2012.09 [] 用Burp_suite快速处理上传截断
2012.09 [] 使用burp suite探测Web目录
2012.05 [freebuf] Burpsuite系列视频教程不加密版第一部分公布下载
2011.12 [milo2012] OWASP Ajax Crawling Tool (Good Companion Tool to Burpsuite)
2011.12 [insinuator] Use Python for Burp plugins with pyBurp
2011.10 [portswigger] Breaking encrypted data using Burp | Blog
2011.06 [cyberis] 'Invisible Intercept' Function of Burp

贡献

内容为系统自动导出, 有任何问题请提issue

所有收集类项目

BurpSuite

目录

资源收集

工具

文章

Burp组件

Collaborator

工具

文章

Intruder

工具

文章

Repeater

工具

文章

Extender

工具

文章

Macros

工具

文章

Extractor

Spider

平台

Web

WAF

工具

文章

HTTP/HTTPS

工具

文章

XSS

工具

文章

CSRF

工具

文章

REST

工具

文章

JWT

工具

文章

Windows

文章

Linux

文章

Apple

文章

Android

工具

文章

Cloud

工具

漏洞

工具

文章

扫描

工具

文章

Fuzz

工具

文章

SQL

工具

文章

日志

工具

Payload

工具

文章

开发与调试

工具

文章

爆破

工具

文章

验证码

工具