Search the Community

Burp Suite Professional 2023.5.1 Burp Suite Professional is the web security tester's toolkit of choice. Use it to automate repetitive testing tasks - then dig deeper with its expert-designed manual and semi-automated security testing tools. Burp Suite Professional can help you to test for OWASP Top 10 vulnerabilities - as well as the very latest hacking techniques. Automate and save time Smart automation works in concert with expert-designed manual tools, to save you time. Optimize your workflow, and do more of what you do best. Increase scan coverage Burp Scanner is designed to test feature rich modern web applications. Scan JavaScript, test APIs, and record complex authentication sequences. Minimize false positives Ultra reliable out-of-band application security testing (OAST) can find many otherwise invisible vulnerabilities. Burp Suite Professional makes it easy. Find vulnerabilities others can't Push the boundaries of web security testing - by being first to benefit from the work of PortSwigger Research. Frequent releases keep you ahead of the curve. Be more productive when testing Benefit from a toolkit designed and used by professional testers. Productivity features like project files - and a powerful search function - improve efficiency and reliability. Share findings with those who need them Simplify the documentation and remediation process, and produce reports that end users will want to consume. Good security testing doesn't end at discovery. Adapt your toolkit to suit your needs Access a wealth of advice, and hundreds of pre-written BApp extensions, as a member of Burp Suite Professional's huge worldwide user community. Create your own functionality A powerful API gives you access to core Burp Suite Professional functionality. Use it to create your own extensions - and integrate with existing tooling. Customize the way you work Whether you'd rather work in dark mode or want to use custom scan configurations, we've got you covered. Burp Suite Professional is made to be customized. [Hidden Content] Download: [hide][Hidden Content]] Password: level23hacktools.com Burp Suite Professional 2023.5.1  [FULL + KeyGen + Loader] Released Friday, 19 May 2023 [License Expires 31 Dic 2099]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). [hide][Hidden Content]]

A BurpSuite plugin intended to help with nuclei template generation. Features Template matcher generation Word and Binary matcher creation using selected response snippets from Proxy history or Repeater contexts Multi-line selections are split to separate words for readability Binary matchers are created for selections containing non-ASCII characters The part field is auto-set based on whether the selection was in the request header or body Every generated template auto-includes a Status matcher, using the HTTP status code of the response Request template generation In the Intruder tab, selected payload positions can be used to generate request templates, using one of the following attack types: Battering ram, Pitchfork or Cluster bomb The selected text snippet from an HTTP request under the Proxy or Repeater tab can be used to generate a request template with the attack type defaulting to Battering ram Template execution Generated templates can be executed instantly, and the output is shown in the same window for convenience The plugin auto-generates the CLI command, using the absolute nuclei path, absolute template path and target information extracted from the desired request History of unique, executed commands are stored, can be quick searched and re-executed within the current session Experimental features (Non-contextual) YAML property and value auto-complete, using reserved words from the nuclei JSON schema Syntax highlighting of YAML properties, based on reserved words Productivity Almost every action can be triggered using keyboard shortcuts: F1: open nuclei template documentation Ctrl + Enter: execute current template Ctrl + Shift + E: jump to the template editor Ctrl + L: jump to the CLI input field Ctrl + S: save the current template Ctrl + Plus/Minus: increase/decrease font size Ctrl + Q: quit The template path is auto-updated if the template is saved to a new location The template-id is recommended as file name when saving Settings The plugin attempts to auto-detect and complete the configuration values The code searches for the nuclei binary path, using the values from the process’s environmental PATH variable. Note: the BurpSuite binary, opposed to the stand-alone BurpSuite jar, might not have access to the current users’s PATH variable. The target template path is calculated based on the default nuclei template directory, configured under <USER_HOME>/.config/nuclei/.templates-config.json The name of the currently logged-in operating system user is used as a default value for the template author configuration Look and feel The template generator window supports Dark and Light themes. The presented theme is chosen based on the selected BurpSuite theme, under User Options Support for colored nuclei output Modifiable font size in the template editor and command output Changelog v1.1.1 Fixed a bug on windows with path not correctly updating after saving by @forgedhallpass in #53 [hide][Hidden Content]]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). [hide][Hidden Content]]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). [hide][Hidden Content]]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). [Hidden Content]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). [hide][Hidden Content]]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). [hide][Hidden Content]]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). [hide][Hidden Content]]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. [hide][Hidden Content]]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). [hide][Hidden Content]]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). [hide][Hidden Content]]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). [hide][Hidden Content]]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). [hide][Hidden Content]]

Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Changelog v0.1.9.1 Fix rsa dead loop issue (#16) [hide][Hidden Content]]

HaE – Highlighter and HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). [hide][Hidden Content]]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). [hide][Hidden Content]]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). [hide][Hidden Content]]

Burp Bounty – Scan Check Builder This Burp Suite extension allows you, in a quick and simple way, to improve the active and passive burpsuite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue profiles both in the active scanner and in the passive. Examples of vulnerabilities that you can find So, the vulnerabilities identified, from which you can make personalized improvements are: Active Scan: XSS reflected and Stored SQL Injection error based Blind SQL injection Blind SQL injection time-based XXE Blind XXE SSRF CRLF Information disclosure Nginx off-by-slash vulnerability – From Orange Tsai Command injection Web cache poisoning Blind command injection Open Redirect Local File Inclusion Remote File Inclusion Path Traversal LDAP Injection XML Injection SSI Injection XPath Injection etc Passive Response Scan Security Headers Cookies attributes Endpoints extract Software versions Error strings In general any string or regular expression in the response. Passive Request Scan Interesting params and values In general any string or regular expression in the request. Changelog v4.0 Burp Bounty Pro 1.6 core Quick issue alert More options for creating profiles [hide][Hidden Content]]

Burpcrypto is a collection of burpsuite encryption plug-ins, supporting AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). Usage Add this jar to your burpsuite’s Extensions. Switch to the BurpCrypto tab, select you to need the Cipher tab. Set key or some value. Press “Add processor”, and give a name for this processor. Switch to Intruder->Payloads->Payload Processing. Press “Add”, select “Invoke Burp extension”, and the select processor you just created. Press “Start attack”, have fun! Key Example Aes Key(UTF8String): abcdefgabcdefg12 Aes IV(UTF8String): abcdefgabcdefg12 Rsa X509 Key: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCC0hrRIjb3noDWNtbDpANbjt5Iwu2NFeDwU16Ec87ToqeoIm2KI+cOs81JP9aTDk/jkAlU97mN8wZkEMDr5utAZtMVht7GLX33Wx9XjqxUsDfsGkqNL8dXJklWDu9Zh80Ui2Ug+340d5dZtKtd+nv09QZqGjdnSp9PTfFDBY133QIDAQAB Rsa Modulus: ca27d90f03753cbbc9958011baf701ac99305b63f68e26ab5617593e01d2fb519127fb87bafbe6e0472ec3a038575fa292adadbc79390a955a61b29431f78f4734773048a45dcf100e23cabf2df11a55aa90cd6b024a44eed1096c3b9e1408d46aae54d7291b82fe4b7867c5eaa45e9cc0ba7f7ae3e5593337c7dcbace2d02ed2fbbff26c6df8a32bb26be80603fcd94c6c8dbd67878d77b37fedcf808e3d8f469aaa7c65d033d547a5c8ea9bdd5c89b836c65852f355a5efd9c7137a186a62b5eb0e052c8be3096d3b51133f8a8c108292a296c99d37bad42bcc3f6c39fa5e583582942b4fc4e7ff4b6779fff5bbaddc65b19c7c57d8cdb39b1a994e08d4a2f50793d8f707d069c380baf0f64bfdce3b35d0b5c5c59348a35a082012aaf4991080abf518b55787969ff24186cb95f7e7218c904cf1dcaeb5bed723e305b83f2e85d6f116d2c7400f9e49d904db8a5a3a0701cdb579fbf3128511acd0f789ece1233ed926d705b3b0dfa34bf33f5ae4bdc611a602aa03aaae13400bc7ad3813ea4474dc62de3d0cb1f5aac277d895a75d38f9b920938fa6b1de35bd6132798c122403c685bdb6e5e24bbd70cfb3e968da0b8affd398e539e7c1e7add09891780bcbd278f3900499ae09cee0dc62e3f92e70001bab6d46261d2801a37f80d84d0e39fce6eaedf106a61b5961960641b9db0e4e23c770e6370ac5d61c6c9eb0f07 Rsa Exponent: 010001 Changelog v0.1.9 Fix JS editor can’t activate. add htmlunit JS engine. add jre built-in JS engine. add JS engine switcher. [hide][Hidden Content]]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). Changelog v2.0.5 Fixed a logic error #18 [hide][Hidden Content]]

HaE is used to highlight HTTP requests and extract information from HTTP response messages or request messages. The plugin can custom regular expressions to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted. Note: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python when using regular expressions, HaE requires users to use () to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is rememberMe=delete, if you want to extract this content, you need to become (rememberMe=delete). Changelog v2.0 UI reconstruction: more intuitive, support for adding category tags and sorting headers; Configuration reconstruction: Converted from JSON format file to YAML format Scope refinement: from the support request message, response message, and all messages to support request message, response message, all messages, request header, request body, response header, and response body Controllable configuration: you can customize the URI suffixes you don’t want to match [hide][Hidden Content]]

HackBar (Burpsuite Plugin) HackBar is a sidebar that assists you with web application security testing, it’s aim is to help make those tedious tasks a little bit easier. Feature MD5, SHA1, SHA256 Hashing Algorithms ROT13 Encoding/Decoding Base64 Encoding/Decoding URL Encoding/Decoding Hex Encoding/Decoding Binary Encoding/Decoding Load, split and execute HTTP requests, This also includes the ability to manipulate POST data and your Referer Extract links from the current page Strip spaces and slashes from strings as well as reversing them XSS assistance (String.fromCharCode generation, HTML Characters and XSS Alert generation) Auto-XSS (Scrapes possible parameters and tests them for XSS (either using a Custom payload or a Polygot)) SQL Injection Assistance Changelog v2.0 Shifted to gradle from NetBeans Bug Fix [hide][Hidden Content]]

Copy as XMLHttpRequest BurpSuite extension The extension adds a context menu to BurpSuite that allows you to copy multiple requests as Javascript's XmlHttpRequest, which simplifies PoC development when exploiting XSS. [hide][Hidden Content]]

Burp Suite Professional Test, find, and exploit vulnerabilities Arm yourself with the leading toolkit for web security testing. Burp Suite Professional is an advanced set of tools for testing web security - all within a single product. From a basic intercepting proxy to the cutting-edge Burp Scanner, with Burp Suite Pro, the right tool is never more than a click away. Our powerful automation gives you more opportunity to do what you do best, while Burp Suite handles low-hanging fruit. Advanced manual tools will then help you identify your target's more subtle blind spots. Burp Suite Pro is built by a research-led team. This means that before we even publish a paper, its findings have been included in our latest update. Our pentesting tools will make your job faster while keeping you informed of the very latest attack vectors. This release strengthens support for HTTP/2 and turns it on by default. It also fixes several bugs. HTTP/2 support We have strengthened support for HTTP/2 within Burp Suite. HTTP/2 support is now turned on by default and is no longer considered experimental. Burp will interact with targets via HTTP/2 when a target supports it. HTTP/2 support brings a significant performance improvement to the network layer, benefiting Scanner and Intruder speed. It also provides future compatibility with any site that no longer supports HTTP/1.1. If you prefer not to use HTTP/2, you can disable its use under Project Options / HTTP. Bug fixes This release provides several minor improvements and bug fixes, including: The crawler no longer produces an error when it encounters request bodies that contain JSON literals when it is crawling OpenAPI definitions. Burp Suite now shuts down correctly on macOS. The number of characters selected now shows in the message inspector when selecting non-editable messages. Custom menu items added by extensions are now shown in a sub-menu of the context menu, to avoid cluttering. The hash algorithm list within Burp Decoder is now sorted alphanumerically. The resource pool button is now disabled when configuring a live passive crawl, as this crawl does not make requests. The automatic backup progress dialog box no longer appears if Burp Suite is minimized. [Hidden Content] [hide][Hidden Content]]