Burp suite: Top 5 Community edition extensions


When you use Burp Suite Community edition, there are several possibilites in terms of extensions we can use, however we are more limited. Some of the Proffesional edition extensions can be extremly useful for both bug bounty hunters and penters alike but the community edition certainly has some usefull extensions as well.

Add custom headers

Sometimes our targets require us to add custom headers, this usefull extension allows us to that easily.


This amazing extension allows us to easily test for BAC and IDOR. We have a seperate chapter on this extension.

Bypass WAF

This extension add headers to all Burp requests to bypass some WAF products. The following headers are automatically added to all requests:


Headless mode

This extension allows you to run Burp Suite's Spider and Scanner tools in headless mode via the command-line. It can:

IP Rotate

This extension allows you to easily spin up API Gateways across multiple regions. All the Burp Suite traffic for the targeted host is then routed through the API Gateway endpoints which causes the IP to be different on each request. (There is a chance for recycling of IPs but this is pretty low and the more regions you use the less of a chance).

This is useful to bypass different kinds of IP blocking like bruteforce protection that blocks based on IP, API rate limiting based on IP or WAF blocking based on IP etc.

For more information see Bypassing IP Based Blocking Using AWS