Burp Suite is a platform for conducting security audits of web applications. It includes tools for mapping web application structures, searching for files and folders, modifying requests, fuzzing, password brute-forcing, and more.

— Additionally, the BApp store is a marketplace containing extensions that enhance Burp’s functionality. In this post, we have selected five extensions that enhance the effectiveness of Burp Suite during web application penetration testing.

  1. ⚙️Software Vulnerability Scanner  
    — This extension displays public vulnerabilities for applications detected in the traffic proxied by Burp. Essentially, it acts as a layer between Burp and the API of this excellent vulnerability aggregator.

  2. ⚙️Backslash Powered Scanner
     — It complements Burp’s active scanner, using a novel approach capable of finding and confirming both known and unknown server-side injection vulnerabilities.

  3. ⚙️SQLiPy
    — A tool that integrates Burp Suite with SQLMap using the SQLMap API to check for SQL injection vulnerabilities.

  4. ⚙️Active Scan++
    — Expands the list of checks performed by the active and passive scanner. It identifies vulnerabilities such as cache poisoning, DNS rebinding, various injections, and conducts additional checks to detect XXE injections, among others.

  5. ⚙️Turbo Intruder
    — A faster counterpart to Intruder, equipped with a scripting engine for sending a large number of HTTP requests and analyzing the results. Useful when speed is essential!”