Burp

How to use Burp’s Bambda mode? +examples

The search functionality in a tool like an HTTP proxy is one of the most important ones. Burp recently added Bambda mode to filter requests using code. I’ve seen some people on Twitter praising this functionality. Thus, I took a look at the documentation and I...

Tips and tricks for Burp Suite Pro by @Agarri_FR

Working productively with Burp Suite is key to allowing your mind to focus on the hacking itself and not on the usage of the tool. In this talk at NorthSec 2023, Nicolas Grégoire shared a bunch of tricks in Burp but also in a few extensions. Watch the talk yourself here...

Burp extension to visualise flows

Some time ago, on the BBRE Premium Discord, one of the members recommended the Burp extension from Doyensec for visualizing flows in Burp. You can mark a few requests and the extension will generate a graph for you, marking requests with authentication, cookies, CORS, CSP...

DigitalOcean Droplet Proxy Burp Suite extension

Whenever I needed to proxy my Burp traffic through another IP address, I would just create an SSH tunnel to a VPS. Of course, the VPS would run all the time because I’m too lazy and it’s too cheap to turn it off and on every day. But Honoki created a Burp plugin that...

Setup for testing authorization bugs

Authorization testing is one of the classes of security testing I rather dislike because it involves doing the same thing many times, hoping that one time it will work. Often, it’s very time-consuming. However, over the years, I became more effective with it. Today, I will share...

An undervalued Burp extension with enormous possibilities

Probably not many of you know about the Burp extension called Piper. It’s a tool that allows you to pipe requests and responses in Burp into any terminal tool and show the output inside Burp. For example, you can make it automatically pipe any JSON request/response into...

Burp’s comparer inside repeater

Diff Last Response is an experimental Burp extension which is kinda like having Comparer built into Repeater - it shows you what has changed in the response between the last 2 requests. It looks a bit odd because of the background colour and the font...

burpsuite-project-file-parser

burpsuite-project-file-parser is an interesting tool for parsing Burp Suite project files. It allows you to extract information from Burp’s project file to the terminal. You can then pipe it into other tools. I remember fighting with Burp to extract all URLs or JavaScript...

Using turbo intruder in “listen and attack” mode

Turbo Intruder is a great addition to Burp. I wrote more about it here. Unlike the normal Intruder, you control it using Python code. It turns out that from this code you have access to Burp’s plugin API. Thus, you can also add new requests to the Intruder queue from...