Burp Suite

The document outlines various Burp Suite extensions that can be used to customize its behavior, including tools for security testing, vulnerability scanning, and request manipulation. It lists numerous specific extensions, each designed to address different aspects of web application security, such as authentication, injection attacks, and data handling. Additionally, it provides information on configuring Burp's proxy settings and token analysis features.

Uploaded by mobiletrackerf6
Copyright © All Rights Reserved

Extender > Extensions
Burp Extensions: customize Burp's behavior using your own or third-party code.

Extender > BApp Store (extensions, .NET Beautifier to Java Serialized Payloads)
"(Professional)" marks extensions the map flags as available in Burp Suite Professional only.

.NET Beautifier
403 Bypasser
5GC API Parser
Active Scan++
Add & Track Custom Issues
Add Custom Header
Add to SiteMap+
Additional CSRF Checks
Additional Scanner Checks
Adhoc Payload Processors
AES Killer, decrypt AES traffic on the fly
AES Payloads
Anti-CSRF Token From Referer
Asset Discovery
Attack Surface Detector
Auth Analyzer
Authentication Token Obtain and Replace
AuthMatrix
Authz
Auto-Drop Requests
AutoRepeater
Autorize
Autowasp
AWS Security Checks
AWS Signer
AWS Sigv4
Backslash Powered Scanner
Backup Finder
Batch Scan Report Generator
BeanStack - Stack-trace Fingerprinter (Professional)
Blazer
Bookmarks
Bradamsa
Brida, Burp to Frida bridge
Broken Link Hijacking (Professional)
Browser Repeater
Buby (Professional)
BugPoC
Burp Bounty, Scan Check Builder (Professional)
Burp Chat
Burp CSJ
Burp Share Requests
Burp2Slack
Burp2Telegram
BurpCrypto, Encryption Payload Processor
BurpelFish
Burp-hash (Professional)
BurpSmartBuster
Bypass WAF
Carbonator
Clipboard Repeater
Cloud Storage Tester
CMS Scanner
CO2
Code Dx
Collabfiltrator (Professional)
Collaborator Everywhere (Professional)
Command Injection Attacker
Commentator
Content Type Converter
Cookie Decrypter (Professional)
Copy As Go Request
Copy as Node Request
Copy as PowerShell Requests
Copy As Python-Requests
Copy Request Response
CORS*, Additional CORS Checks (Professional)
Crypto Messages Handler
Cryptojacking Mine Sweeper (Professional)
CSP Auditor
CSP-Bypass (Professional)
CSRF Scanner (Professional)
CSRF Token Tracker
CSTC, Modular HTTP Manipulator
CSurfer
Custom Logger
Custom Parameter Handler
Custom Send To
CustomDeserializer
Customizer
CVSS Calculator
Cypher Injection Scanner
Decoder Improved
Decompressor
Detect Dynamic JS (Professional)
Diff Last Response
Directory Importer
Discover Reverse Tabnabbing
Distribute Damage
Dradis Framework (Professional)
ElasticBurp
Error Message Checks (Professional)
EsPReSSO
ExifTool Scanner
ExtendedMacro
Faraday
Fast Infoset Tester
File Upload Traverser (Professional)
Filter Options Method
Flow
Freddy, Deserialization Bug Finder (Professional)
GadgetProbe
GAT Security Platform Integration (Professional)
Git Bridge
Google Authenticator
Google Hack
GraphQL Raider (Professional)
GWT Insertion Points
HackBar, Payload Bucket
Hackvertor
Handy Collaborator
Hashcat Maskprocessor Intruder Payloads
Headers Analyzer (Professional)
Headless Burp
HeartBleed
Highlighter And Extractor
HTML5 Auditor
HTTP Digest Auth
HTTP Methods Discloser
HTTP Mock
HTTP Request Smuggler
HTTPoxy Scanner
Hunt Scanner
Identity Crisis (Professional)
IIS Tilde Enumeration Scanner (Professional)
Image Location and Privacy Scanner (Professional)
Image Metadata
Image Size Issues
Import To Sitemap
InQL - Introspection GraphQL Scanner
Intruder Time Payloads
IP Rotate
iRule Detector (Professional)
Issue Poster (Professional)
J2EEScan
Java Deserialization Scanner
Java Serial Killer
Java Serialized Payloads
Extender > BApp Store (extensions, continued: JavaScript Security to YesWeBurp)
"(Professional)" marks extensions the map flags as available in Burp Suite Professional only.

JavaScript Security (Professional)
JCryption Handler
JQ
JS Link Finder (Professional)
JS Miner (Professional)
JSON Decoder
JSON Query
JSON Web Token Attacker
JSON Web Tokens
JSWS Parser
JVM Property Editor
JWT Editor
Kerberos Authentication
Lair (Professional)
Length Extension Attacks
LightBulb WAF Auditing Framework
Log Requests to SQLite
Log Viewer
Log4Shell Everywhere (Professional)
Logger++
Manual Scan Issues (Professional)
Match/Replace Session Action
MessagePack
Meth0dMan
MindMap Exporter
Multi Session Replay
Multi-Browser Highlighting
Nessus Loader
NGINX Alias Traversal (Professional)
NMAP Parser
Non HTTP Proxy (NoPE)
NoSQLi Scanner (Professional)
Notes
NTLM Challenge Decoder
Nuclei Burp Integration
Nuclei Template Generator Plugin
Nucleus Burp Extension (Professional)
OAUTH Scan
OAuth2 Token Grabber
OAuthv1 Authentication
Office Open XML Editor
OpenAPI Parser
Padding Oracle Hunter
Param Miner
Paramalyzer
ParrotNG
Payload Parser
Pcap Importer (Professional)
PDF Metadata (Professional)
PDF Viewer
Peach API Integration
Pentagrid Scan Controller (Professional)
Pentest Mapper
PeopleSoft Token Extractor
PHP Object Injection Check
PHP Object Injection Slinger
pip3line
Piper
Postman Integration
Potential Vulnerability Indicator
Progress Tracker
Protobuf Decoder
Proxy Action Rules
Proxy Auto Config
PsychoPATH
Python Scripter
Qualys WAS (Professional)
Quicker Context
Quoted-Printable Parser (Professional)
Random IP Address Header
Reflected File Download Checker
Reflected Parameters (Professional)
Reissue Request Scripter
Replicator
Report To Elastic Search (Professional)
Request Highlighter
Request Randomizer
Request Timer
Reshaper
Response Grepper
Response Overview
Response Pattern Matcher
Retire.js (Professional)
Reverse Proxy Detector
RouteVulScan (Professional)
Same Origin Method Execution
SameSite Reporter (Professional)
SAML Editor
SAML Encoder / Decoder
SAML Raider
SAMLReQuest
San Scanner
Scan manual insertion point
Scope Monitor
Sensitive Discoverer (Professional)
Sentinel (Professional)
Session Auth (Professional)
Session Timeout Test
Session Tracking Checks (Professional)
Sharpener
Similar Request Excluder
Site Map Extractor
Site Map Fetcher
Software Version Reporter (Professional)
Software Vulnerability Scanner (Professional)
Source Mapper
SpyDir
SQLi Query Tampering
SQLiPy Sqlmap Integration
SQLMap DNS Collaborator (Professional)
SRI Check (Professional)
SSL Scanner
Stepper
Subdomain Extractor
Taborator (Professional)
Target Redirector
ThreadFix (Professional)
Timeinator, Time Based Attacker
Timestamp Editor
Token Extractor
Token Incrementor
TokenJar
Turbo Data Miner
Turbo Intruder
Upload Scanner (Professional)
UPnP Hunter
UUID Detector
ViewState Editor
WAF Cookie Fetcher
WAFDetect
Wayback Machine
WCF Deserializer
Web Cache Deception Scanner
WebAuthn CBOR Decoder
WebInspect Connector
WebSphere Portlet State Decoder
Wordlist Extractor
WordPress Scanner
WS Security
WSDL Wizard
Wsdler
XChromeLogger Decoder
XSS Validator
Yara
YesWeBurp

Extender > API (extender interfaces)
IBurpCollaboratorClientContext
IBurpCollaboratorInteraction
IBurpExtender
IBurpExtenderCallbacks
IContextMenuFactory
IContextMenuInvocation
ICookie
IExtensionHelpers
IExtensionStateListener
IHttpHeader
IHttpListener
IHttpRequestResponse
IHttpRequestResponsePersisted
IHttpRequestResponseWithMarkers
IHttpService
IInterceptedProxyMessage
IIntruderAttack
IIntruderPayloadGenerator
IIntruderPayloadGeneratorFactory
IIntruderPayloadProcessor
IMenuItemHandler
IMessageEditor
IMessageEditorController
IMessageEditorTab
IMessageEditorTabFactory
IParameter
IProxyListener
IRequestInfo
IResponseInfo
IResponseKeywords
IResponseVariations
IScanIssue
IScannerCheck
IScannerInsertionPoint
IScannerInsertionPointProvider
IScannerListener
IScanQueueItem
IScopeChangeListener
ISessionHandlingAction
ITab
ITempFile
ITextEditor

Extender > Options
Settings: these settings control how Burp handles extensions on startup.
Java Environment: these settings let you configure the environment for executing extensions that are written in Java. If your extensions use any libraries, you can specify a folder from which libraries will be loaded.
Python Environment: these settings let you configure the environment for executing extensions that are written in Python. To use Python extensions you will need to download Jython, which is a Python interpreter implemented in Java.
Ruby Environment: these settings let you configure the environment for executing extensions that are written in Ruby (the interpreter is implemented in Java).

Target > Site Map
Contents
Request/Response
Issues
Advisory

Target > Scope
Target Scope: define in-scope targets for your current work. This configuration affects the behavior of tools throughout the suite.

Target > Issue Definitions
OS command injection
SQL injection
SQL injection (second order)
ASP.NET tracing enabled
File path traversal
XML external entity injection
LDAP injection
XPath injection
XML injection
ASP.NET debugging enabled
HTTP PUT method is enabled
Out-of-band resource load (HTTP)
File path manipulation
PHP code injection
Server-side JavaScript code injection
Perl code injection
Ruby code injection
Python code injection
Expression Language injection
Unidentified code injection
Server-side template injection
SSI injection
Cross-site scripting (stored)
HTTP request smuggling
Client-side desync
Web cache poisoning
HTTP response header injection
Cross-site scripting (reflected)
Client-side template injection
Cross-site scripting (DOM-based)
Cross-site scripting (reflected DOM-based)
Cross-site scripting (stored DOM-based)
Client-side prototype pollution
JavaScript injection (DOM-based)
JavaScript injection (reflected DOM-based)
JavaScript injection (stored DOM-based)
Path-relative style sheet import
Client-side SQL injection (DOM-based)
Client-side SQL injection (reflected DOM-based)
Client-side SQL injection (stored DOM-based)
WebSocket URL poisoning (DOM-based)
WebSocket URL poisoning (reflected DOM-based)
WebSocket URL poisoning (stored DOM-based)
Local file path manipulation (DOM-based)
Local file path manipulation (reflected DOM-based)
Local file path manipulation (stored DOM-based)
Client-side XPath injection (DOM-based)
Client-side XPath injection (reflected DOM-based)
Client-side XPath injection (stored DOM-based)
Client-side JSON injection (DOM-based)
Client-side JSON injection (reflected DOM-based)
Client-side JSON injection (stored DOM-based)
Flash cross-domain policy
Silverlight cross-domain policy
Cross-origin resource sharing
Cross-origin resource sharing: arbitrary origin trusted
Cross-origin resource sharing: unencrypted origin trusted
Cross-origin resource sharing: all subdomains trusted
Cross-site request forgery
SMTP header injection
JWT signature not verified
JWT none algorithm supported
JWT self-signed JWK header supported
JWT weak HMAC secret
JWT arbitrary jku header supported
JWT arbitrary x5u header supported
Cleartext submission of password
External service interaction (DNS)
External service interaction (HTTP)
External service interaction (SMTP)
Referer-dependent response
Spoofable client IP address
User agent-dependent response
Password returned in later response
Password submitted using GET method
Password returned in URL query string
SQL statement in request parameter
Cross-domain POST
ASP.NET ViewState without MAC enabled
XML entity expansion
Long redirection response
Serialized object in HTTP message
Duplicate cookies set
Input returned in response (stored)
Input returned in response (reflected)
Suspicious input transformation (reflected)
Suspicious input transformation (stored)
Request URL override
Vulnerable JavaScript dependency
Open redirection (reflected)
Open redirection (stored)
Open redirection (DOM-based)
Open redirection (reflected DOM-based)
Open redirection (stored DOM-based)
TLS cookie without secure flag set
Cookie scoped to parent domain
Cross-domain Referer leakage
Cross-domain script include
Cookie without HttpOnly flag set
Session token in URL
Password field with autocomplete enabled
Password value set in cookie
File upload functionality
Frameable response (potential Clickjacking)
Browser cross-site scripting filter disabled
HTTP TRACE method is enabled
Cookie manipulation (DOM-based)
Cookie manipulation (reflected DOM-based)
Cookie manipulation (stored DOM-based)
Ajax request header manipulation (DOM-based)
Ajax request header manipulation (reflected DOM-based)
Ajax request header manipulation (stored DOM-based)
Denial of service (DOM-based)
Denial of service (reflected DOM-based)
Denial of service (stored DOM-based)
HTML5 web message manipulation (DOM-based)
HTML5 web message manipulation (reflected DOM-based)
HTML5 web message manipulation (stored DOM-based)
HTML5 storage manipulation (DOM-based)
HTML5 storage manipulation (reflected DOM-based)
HTML5 storage manipulation (stored DOM-based)
Link manipulation (DOM-based)
Link manipulation (reflected DOM-based)
Link manipulation (stored DOM-based)
Link manipulation (reflected)
Link manipulation (stored)
Document domain manipulation (DOM-based)
Document domain manipulation (reflected DOM-based)
Document domain manipulation (stored DOM-based)
DOM data manipulation (DOM-based)
DOM data manipulation (reflected DOM-based)
DOM data manipulation (stored DOM-based)
CSS injection (reflected)
CSS injection (stored)
Client-side HTTP parameter pollution (reflected)
Client-side HTTP parameter pollution (stored)
Form action hijacking (reflected)
Form action hijacking (stored)
Database connection string disclosed
Source code disclosure
Backup file
Directory listing
Email addresses disclosed
Private IP addresses disclosed
Social security numbers disclosed
Credit card numbers disclosed
Private key disclosed
Robots.txt file
Json Web Key Set disclosed
JWT private key disclosed
Cacheable HTTPS response
Base64-encoded data in parameter
Multiple content types specified
HTML does not specify charset
HTML uses unrecognized charset
Content type incorrectly stated
Content type is not specified
TLS certificate
Unencrypted communications
Strict transport security not enforced
Mixed content
Hidden HTTP 2
Extension generated issue

Comparer
This function lets you do a word-level or byte-level comparison between different data. You can load, paste or send data here from other tools and then select the comparison you want to perform.

Sequencer > Live Capture
Select live capture request: send requests here from other tools to configure a live capture. Select a request to use, configure the other options below, then click "start live capture".
Token location within response: select the location in the response where tokens appear.
Live capture options: these settings control the engine used for making HTTP requests and harvesting tokens.

Sequencer > Manual Load
This function allows you to load Sequencer with a sample of tokens that you have already obtained and then perform the statistical analysis on the sample.

Sequencer > Analysis Options
Token Handling: these settings control how tokens are handled during analysis.
Token Analysis: character level analysis; bit level analysis.

User Options > Connections
Platform Authentication: these settings let you configure Burp to automatically carry out platform authentication to destination web servers.
Upstream Proxy Servers: these settings control whether Burp sends each outgoing request to a proxy server, or directly to the destination web server. The first rule that matches each destination host will be used. To send all traffic to a single proxy server, create a rule with * as the destination host.
Socks Proxy: these settings configure Burp to use a SOCKS proxy. This setting is applied at the TCP level and all outbound requests will be sent via this proxy. If you have configured rules for upstream HTTP proxy servers, then requests to upstream proxies will be sent via the SOCKS proxy configured here.

User Options > TLS
Java TLS Options: these settings can be used to enable certain TLS features that might be needed to successfully connect to some servers.
Client TLS Certificates: these settings let you configure the client TLS certificates that Burp will use when a destination host requests one. Burp will use the first certificate in the list whose host configuration matches the name of the host being contacted.

User Options > Display
User Interface: these settings let you control the appearance of Burp's user interface.
HTTP Message Display: these settings let you control how HTTP messages are displayed within the raw HTTP viewer/editor.
Character Sets: these settings control how Burp handles different character sets when displaying raw HTTP messages.
HTML Rendering: these settings control how Burp handles in-tool rendering of HTML content.

User Options > Misc
Hotkeys: these settings let you configure hotkeys for common actions. These include item-specific actions such as "send to repeater".
Automatic Project Backup: automatic project backup saves a copy of the Burp project file periodically in the background.
Temporary Files Location: these settings let you configure where Burp stores its temporary files. Changes will take effect the next time Burp starts up.
REST API: the REST API can be used by other tools to integrate with Burp Suite.
Proxy Interception: this setting controls the state of proxy interception at startup.
Proxy History Logging: this setting controls whether adding items to target scope will automatically set the proxy option to stop sending out-of-scope items to the history or other Burp tools.
Performance Feedback: you can help improve Burp by submitting anonymous feedback about Burp's performance.
Update (installer version only): this setting controls Burp's update behaviour.

Repeater
Request
Response

Dashboard
Tasks: New Scan; New Live Scan (Live Passive Crawl From Proxy (all traffic); Live Audit From Proxy (all traffic))
Event Log
Issue Activity
Advisory
Decoder
Decode: URL, HTML, Base64, ASCII Hex, Hex, Octal, Binary, GZip
Encode: URL, HTML, Base64, ASCII Hex, Hex, Octal, Binary, GZip
Hash: SHA-1, SHA-384, HARAKA-256, SKEIN-512-256, SKEIN-1024-384, BLAKE2B-160, KECCAK-288, WHIRLPOOL
Smart Decode

Proxy > Intercept
Forward
Drop
Intercept On
Action (context menu):
Scan
Do Active Scan
Do Passive Scan
Send to Intruder
Send to Repeater
Send to Sequencer
Send to Decoder
Send to Comparer
Show Response in Browser
Request in Browser
Param Miner (extension submenu): Guess GET parameters, Guess cookie parameters, Guess headers, Guess everything, Guess Params, Header poison, Port-DOS, Unkeyed Param, Fat GET, Normalised Param, Normalised Path, Rails Param Cloaking Scan, Identify Header Smuggling Mutations
Send to Extractor
Engagement Tools
Copy Url
Copy as Curl Command
Copy to File
Save Item
Save Entire History
Paste URL as Request
Add to Site Map
Cut
Copy
Paste
Message Editor Document
Burp Repeater Document
Open Browser

Proxy > HTTP History

Proxy > WebSocket History

Proxy > Options
Proxy Listeners: Burp Proxy uses listeners to receive incoming HTTP requests from your browser.
Intercept Client Requests: use these settings to control which requests are stalled for viewing and editing in the Intercept tab.
Intercept Server Responses: use these settings to control which responses are stalled for viewing and editing in the Intercept tab.
Intercept WebSockets Messages: use these settings to control which WebSocket messages are stalled for viewing and editing in the Intercept tab.
Response Modification: these settings are used to perform automatic modification of responses.
Match & Replace: these settings are used to automatically replace parts of requests and responses passing through the proxy.
TLS Pass Through: these settings are used to specify destination web servers for which Burp will directly pass through TLS connections.
Miscellaneous: these settings control some specific details of Burp Proxy's behaviour.

Intruder > Target
Attack Target: configure the details of the target for the attack.

Intruder > Positions
Attack Type: Sniper, Cluster Bomb, Pitchfork, Battering Ram

Intruder > Payloads
Payload Sets: you can define one or more payload sets. The number of payload sets depends on the attack type defined in the Positions tab. Various payload types are available for each payload set, and each payload type can be customized in different ways.
Payload Options: this payload type lets you configure a simple list of strings that are used as payloads.
Payload Processing: you can define rules to perform various processing tasks on each payload before it is used.
Payload Encoding: this setting can be used to URL-encode selected characters within the final payload, for safe transmission within HTTP requests.

Intruder > Options
Request Headers: these settings control whether Intruder updates the configured request headers during attacks.
Request Engine: these settings control the engine used for making HTTP requests when performing attacks.
Attack Results: these settings control what information is captured in attack results.
Grep-Match: these settings can be used to flag result items containing specified expressions.
Grep-Extract: these settings can be used to extract useful information from responses into the attack results table.
Grep-Payloads: these settings can be used to flag result items containing reflections of the submitted payload.
Redirections: these settings control how Burp handles redirections when performing attacks.

Burp Suite

@hackinarticles https://github.com/Ignitetechnologies https://in.linkedin.com/company/hackingarticles
