Burp suite: Top 5 Proffesional extensions


When you buy Burp Suite Proffesional edition, it unlocs several possibilites in terms of extensions we can use. Some of the Proffesional edition extensions can be extremly useful for both bug bounty hunters and penters alike so i've taken the time to go through a few of them for you. They are not ranked in any order, these just stand out as 5 extensions i would always have installed.

Active Scan ++

ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead, it identifies application behaviour that may be of interest to advanced testers:

It also adds checks for the following issues:

It also provides insertion points for HTTP basic authentication. To invoke these checks, just run a normal active scan. The host header checks tamper with the host header, which may result in requests being routed to different applications on the same host. Exercise caution when running this scanner against applications in a shared hosting environment. These attacks are very invasive and can adjust other people's data unintended.

CSRF scanner

This extension passively scans for CSRF vulnerabilties. It does return a lot of false positives but it beats having to check CSRF manually on every target for every funcationality.

J2EE scanner

Sometimes we encounter J2EE applications in the wild, these require a completly differnt tactic from our usual scanning methods and that's why this extension has been made. It uses new scanning techniques to identify vulnerabilities in J2EE applications that the normal scanner could not.

Test cases:

Reflected parameters

This is ofcourse super useful to test for reflected XSS entry points. This extension monitors traffic and looks for request parameter values (longer than 3 characters) that are reflected in the response. The extension monitors in-scope requests made by the Proxy and Spider tools. You can send reported items to other Burp tools. When sending an item to the Scanner, you can choose to scan all reflected parameters or only one reflected parameter.

Software version reporter

This plugin will report any software version that it encounters, this will help in finding vulnerabilities in certain software versions.