Tag: Burp Suite
-

The Pentester’s Co-Pilot: Revolutionizing Security Audits with Burp AI Agent
Burp AI Agent is an extension for Burp Suite that integrates AI capabilities into your security workflow. It offers: Pluggable Backends: Use local models (Ollama, LM Studio), generic OpenAI-compatible providers, or cloud providers (Gemini, Claude, OpenAI/Codex, OpenCode). Add custom backends via drop-in JARs. Privacy-First Design: Configurable redaction modes (Strict/Balanced/Off) to scrub sensitive…
-

Lightning Strike: Testing Salesforce Security with the Auraditor Extension
Auraditor: A Burp Suite extension for security testing Salesforce Lightning and Aura framework applications. Features: Request Editor: view and edit Aura actions in HTTP requests; add and remove actions using tabs; edit controller names and method names; modify JSON parameters for each action; choose how to handle invalid JSON; copy, cut, and paste in text…
-

Unmasking the Code: JS Analyzer Automates JavaScript Recon & Secret Discovery
JS Analyzer: A powerful Burp Suite extension for JavaScript static analysis. Extracts API endpoints, URLs, secrets, and email addresses from JavaScript files with intelligent noise filtering. The goal is to reduce noise as much as possible to ensure accuracy. Features: Endpoint Detection – Finds API paths, REST endpoints, OAuth URLs, admin routes; URL Extraction – Extracts full…
-

burpgpt: leverages the power of AI to detect security vulnerabilities
burpgpt leverages the power of AI to detect security vulnerabilities that traditional scanners might miss. It sends web traffic to an OpenAI model specified by the user, enabling sophisticated analysis within the passive scanner. This extension offers customisable prompts that enable tailored web traffic analysis to meet the specific needs of each user. Check out the Example Use Cases section…
-

ReconAIzer: leverages OpenAI to help bug bounty hunters optimize their recon process
ReconAIzer is a powerful Jython extension for Burp Suite that leverages OpenAI to help bug bounty hunters optimize their recon process. This extension automates various tasks, making it easier and faster for security researchers to identify and exploit vulnerabilities. Once installed, ReconAIzer adds a contextual menu and a dedicated tab to see the results:…
-

Jxscout: Unleash JavaScript’s Hidden Vulnerabilities with This Powerful Analysis Tool
jxscout is a tool designed to help security researchers analyze and find vulnerabilities in JavaScript code. It works with your favorite proxy (Burp or Caido), capturing requests and saving optimized versions locally for easy analysis in your preferred code editor. Key Features: Asset Organization: Automatically saves and organizes relevant static assets (HTML, JavaScript) into an intuitive…
-

Verizon Burp Extensions: Powering AI Security Testing with Jython Tools
This repository contains a suite of Burp Suite extensions developed in Jython, designed to enhance the capabilities of penetration testers and security researchers when interacting with AI applications and performing prompt-based security testing. The extensions are supported by a backend API for processing, augmentation, and analysis tasks. Extensions Included Prompt Augmenter Payload Processor Generates prompt…
-

Pentest Mapper: Burp Suite Extension for Application Penetration Testing
Pentest Mapper is a Burp Suite extension that integrates the Burp Suite request logging with a custom application testing checklist. The extension provides a straightforward flow for application penetration testing. The extension includes functionalities to allow users to map the flow of the application for pentesting to better analyse the application and its…
-

Blinks: Streamline Security Testing, Automate Burp Suite Pro Scans
Blinks is a powerful Burp Suite extension that automates active scanning with Burp Suite Pro and enhances its functionality. With the integration of webhooks, this tool sends real-time updates whenever a new issue is identified, directly to your preferred endpoint. No more waiting for final reports – you get instant, actionable insights! Feature: Blinks runs…
-

PyCript: Burp Suite extension that allows for bypassing client-side encryption
The PyCript extension for Burp Suite is a valuable tool for penetration testing and security professionals. It enables easy encryption and decryption of requests during testing, which can help evade detection and bypass security measures. The extension also offers the ability to customize the encryption and decryption process by writing custom logic using JavaScript…
