Top 5 Burp Suite extensions for bug bounty

In this article you are going to learn about the top 5 Burp Suite extensions that are really helpful in bug bounty hunting. These extensions are not only helpful in bug bounty hunting; you can also use them during your normal penetration testing sessions.

Before starting the list, the section below is for those who don’t know how to install extensions in Burp Suite.

How to install Extensions in Burp suite?

There are a few simple steps to install an extension in Burp Suite.

1. When you open Burp Suite you can see different tabs such as Proxy, Intruder and Repeater; among them there is a tab named Extender. We have to go to the Extender tab to install extensions.

[Image: Burp Suite extension, Burp version 2.0.11]

The above picture is of Burp version 2.0.11; the latest is 2.1.06, but the functionality of the program is the same.

2. After going to the Extender tab you can see the BApp Store among the sub-tabs.

3. Here you can see all the extensions present.

4. To install an extension, select it, scroll down the page and click Install.

That’s it, you now know how to install Burp extensions.

Let’s start the list.

1. Active Scan++

The first on our list is Active Scan++. It is one of the most popular Burp Suite extensions. Burp already comes with active and passive scanning abilities, but this extension takes the scanning process to another level.

Official Description

ActiveScan++ extends Burp Suite’s active and passive scanning capabilities. Designed to add minimal network overhead, it identifies application behavior that may be of interest to advanced testers:

  • Potential host header attacks (password reset poisoning, cache poisoning, DNS rebinding)
  • Edge side includes
  • XML input handling
  • Suspicious input transformation (eg 7*7 => ’49’, \x41\x41 => ‘AA’)
  • Passive-scanner issues that only occur during fuzzing (install the ‘Error Message Checks’ extension for maximum effectiveness)
  • Blind code injection via expression language, Ruby’s open() and Perl’s open()
  • CVE-2014-6271/CVE-2014-6278 ‘shellshock’ and CVE-2015-2080, CVE-2017-5638, CVE-2017-12629, CVE-2018-11776

It also provides insertion points for HTTP basic authentication.

To invoke these checks, just run a normal active scan.

The host header checks tamper with the host header, which may result in requests being routed to different applications on the same host. Exercise caution when running this scanner against applications in a shared hosting environment.

This extension requires Burp Suite Professional version 1.6 or later and Jython 2.5 or later standalone.

2. Autorize

As the name suggests, the Autorize extension helps in detecting authorization vulnerabilities. Authorization vulnerabilities are among the most time-consuming vulnerabilities to check in web app pentesting.

Official Description

It is sufficient to give to the extension the cookies of a low-privileged user and navigate the website with a high privileged user. The extension automatically repeats every request with the session of the low-privileged user and detects authorization vulnerabilities.

It is also possible to repeat every request without any cookies in order to detect authentication vulnerabilities in addition to authorization ones.

The plugin works without any configuration, but is also highly customizable, allowing configuration of the granularity of the authorization enforcement conditions and also which requests the plugin must test and which not. It is possible to save the state of the plugin and to export a report of the authorization tests in HTML or in CSV.

The reported enforcement statuses are the following:

  1. Bypassed! – Red color
  2. Enforced! – Green color
  3. Is enforced??? (please configure enforcement detector) – Yellow color
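
A simplified model of how a replayed request could be sorted into the three statuses above, as an added example (not the extension's own code and not from the original article). The `classify` function, the denial fingerprints standing in for the enforcement detector, and the sample responses are all assumptions constructed for illustration.

```python
# Added illustration: a simplified model of the three statuses, not the extension's code.
from dataclasses import dataclass

BYPASSED = "Bypassed!"
ENFORCED = "Enforced!"
UNKNOWN = "Is enforced???"


@dataclass
class Response:
    status: int
    body: str


def classify(original, replayed, denial_statuses=(), denial_strings=()):
    """Compare the high-privileged response with the low-privileged replay."""
    # Assumption: an identical status and body means the replay got the same data.
    if (replayed.status, replayed.body) == (original.status, original.body):
        return BYPASSED
    # The "enforcement detector" here is a tester-supplied denial fingerprint.
    if replayed.status in denial_statuses:
        return ENFORCED
    if any(s in replayed.body for s in denial_strings):
        return ENFORCED
    # Different response, but nothing says it was a denial: needs manual review.
    return UNKNOWN


# Constructed sample traffic: (path, admin response, replay with low-priv cookies).
SAMPLES = [
    ("/admin/users", Response(200, '{"users":["a","b"]}'),
     Response(200, '{"users":["a","b"]}')),
    ("/admin/audit", Response(200, "<h1>Audit log</h1>"),
     Response(403, "Forbidden")),
    ("/admin/export", Response(200, "id,name\n1,a"),
     Response(200, "<p>You are not allowed to view this page</p>")),
    ("/dashboard", Response(200, "<p>Welcome admin, token=91f3</p>"),
     Response(200, "<p>Welcome guest, token=07ac</p>")),
]


def run(denial_statuses=(), denial_strings=()):
    """Classify every constructed sample under one detector configuration."""
    return {path: classify(orig, rep, denial_statuses, denial_strings)
            for path, orig, rep in SAMPLES}


if __name__ == "__main__":
    for cfg in ({}, {"denial_statuses": (401, 403),
                     "denial_strings": ("not allowed",)}):
        print(cfg or "no detector configured")
        for path, verdict in run(**cfg).items():
            print(f"  {path:15} {verdict}")
```

Without a detector every non-identical replay lands in the yellow state; with one, only the page whose content legitimately differs per user (`/dashboard`) still needs manual review.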

3. Flow

Basically, Burp Suite doesn’t save all the requests; with the help of this plugin you can save all the requests in Burp Suite.

Official description

This extension provides a Proxy history-like view along with search filter capabilities for all Burp tools.

Requests without responses received are also shown and they are later updated as soon as a response is received. This might be helpful to troubleshoot e.g. scanning issues.

Requests and responses are split into separate columns (Repeater-like view).

If required the extension window can be detached from the Burp UI.

Requires Java version 7.

4. Headless Burp

This extension allows you to use Burp Suite in headless mode; in other words, you can control Burp via the command line.

Official Description

This extension allows you to run Burp Suite’s Spider and Scanner tools in headless mode via the command-line. It can:

  • Run burp scan in headless or GUI mode.
  • Specify target sitemap and add URL(s) to Burp’s target scope.
  • Use the seed request/response data saved in a project file, generated by any integration, functional or manual testing.
  • Mark issues as false positives, these will not be reported in the scan report anymore.
  • Spider the target scope.
  • Actively scan the target scope.
  • Generate a scan report in JUnit, HTML, or XML format. The JUnit report can be used to instruct the CI server to fail the build when vulnerabilities are found.
  • Shut down Burp

Get usage details from the official GitHub repository: https://github.com/NetsOSS/headless-burp

5. Logger++

Logger++ is a plugin similar to the Proxy history in Burp Suite. Basically, Logger++ logs all the responses from Burp Suite in real time.

Official Description

Logger++ is a multithreaded logging extension for Burp Suite. In addition to logging requests and responses from all Burp Suite tools, the extension allows advanced filters to be defined to highlight interesting entries or filter logs to only those which match the filter.

A built in grep tool allows the logs to be searched to locate entries which match a specified pattern, and extract the values of the capture groups.

To enable logs to be used in other systems, the table can also be uploaded to elasticsearch or exported to CSV.

Features:

  • Works with the latest version of Burp Suite (tested on 1.7.27)
  • Logs all the tools that are sending requests and receiving responses
  • Ability to log from a specific tool
  • Can save the results in CSV format
  • Ability to show results of custom regular expressions in request/response
  • User can customise the column headers
  • Advanced Filters can be created to display only requests matching a specific string or regex pattern
  • Row highlighting can be added using advanced filters to make interesting requests more visible
  • Grep through logs
  • Live requests and responses
  • Multiple view options
  • Pop out view panel
  • Multithreaded

Current Limitations:

  • Cannot log the requests’ actual time unless originating from proxy tool
  • Cannot calculate the actual delay between a request and its response unless originating from proxy tool

Conclusion

So, that’s it for this list. There are lots of extensions for Burp Suite, but these are some of the best. Take some time to discover how they work and then choose what to use according to your needs. Hope you learned something good in this article.
