Extensions
I thought I would share the few extensions I use in Burp Suite Pro. Keep in mind a couple of things:
- This list works for me and what is required of me daily. Your mileage may vary depending on the environment you currently work in and the technologies involved.
- There is no specific order to this list. Each plugin serves its own purpose equally to the others.
In other words, don't take this as a "Top 10 Burp Suite Plugins, please smash that like and subscribe button" post.
Active Scan++
By James Kettle
Active Scan++ is the #1 rated plugin on the BApp Store for a reason. The additional features it adds to the scanning engine in Burp Suite are good enough that it should just be integrated into the native application. Here’s a small list of what Active Scan++ adds:
- Potential host header attacks (password reset poisoning, cache poisoning, DNS rebinding)
- Edge side includes
- XML input handling
- Suspicious input transformation (e.g., 7*7 → 49, \x41\x41 → AA)
- Passive-scanner issues that only occur during fuzzing (install the Error Message Checks extension for maximum effectiveness)
- Blind code injection via expression language, Ruby's open() and Perl's open()
- Checks for vulnerabilities like CVE-2014-6271 (Shellshock) and others
This tool automates tedious tasks, saving you valuable time—especially when searching for low-hanging fruit. Best of all, it doesn’t require Burp Suite Pro, and there’s no additional setup needed.
Software Vulnerability Scanner
By Vulners.com
This extension is a lifesaver for identifying software vulnerabilities. Features include:
- Detecting vulnerable software by fingerprints or CPE
- Identifying vulnerable paths used in exploits
The extension works automatically as you crawl through a target site, discovering version numbers and pulling down known vulnerabilities. It’s an incredible time-saver when researching software weaknesses.
Autorize
By Barak Tawily
Autorize simplifies privilege escalation testing. While you navigate the site as a higher-privileged user, it replays each request with the cookies of a lower-privileged user (or with no cookies at all) and flags any request the server still answers as if the original user had sent it, that is, any unauthorized access it discovers.
This is a huge time-saver during reconnaissance, letting you identify potential issues to dive deeper into later.
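The replay-and-compare logic Autorize applies, written out as an added example that is not part of the original post or of the Autorize extension itself: each request is answered once with the high-privilege session and once with the low-privilege (or no) session, and the pair is sorted into Autorize's three verdicts. The sample responses, the enforcement markers and the CSRF-token masking rule are all constructed for this demonstration.

```python
from dataclasses import dataclass
import re


@dataclass
class Response:
    status: int
    body: str

# Autorize's "enforcement detector": signs that the server rejected the replay.
# Both lists are constructed for this example; tune them per target.
ENFORCEMENT_STATUSES = {401, 403}
ENFORCEMENT_MARKERS = ["Access denied", "Please log in"]

# Per-request values (here a CSRF token) that differ between two legitimate
# copies of the same page and would otherwise hide a true content match.
_VOLATILE = [(re.compile(r'name="csrf_token" value="[^"]*"'), 'name="csrf_token" value="X"')]


def normalize(body: str) -> str:
    """Mask volatile tokens so two renderings of the same page compare equal."""
    for pattern, replacement in _VOLATILE:
        body = pattern.sub(replacement, body)
    return body


def classify(high: Response, low: Response) -> str:
    """Autorize's verdict for one (high-privilege, low-privilege) response pair."""
    if low.status in ENFORCEMENT_STATUSES or any(m in low.body for m in ENFORCEMENT_MARKERS):
        return "Enforced!"
    if low.status == high.status and normalize(low.body) == normalize(high.body):
        return "Bypassed!"
    return "Is enforced???"  # differs, but no known rejection signal: review by hand


def run_checks(samples: dict) -> dict:
    """Map each replayed path to its verdict."""
    return {path: classify(high, low) for path, (high, low) in samples.items()}


# Constructed sample traffic: (response as admin, same request replayed as low-priv user).
SAMPLES = {
    "/admin/users": (Response(200, "<ul><li>alice</li><li>bob</li></ul>"), Response(403, "Forbidden")),
    "/api/orders/42": (Response(200, '{"id":42,"total":"19.99"}'), Response(200, '{"id":42,"total":"19.99"}')),
    "/account": (Response(200, 'name="csrf_token" value="a1b2"<p>Hi</p>'), Response(200, 'name="csrf_token" value="z9y8"<p>Hi</p>')),
    "/reports": (Response(200, "<table>...</table>"), Response(200, "<p>Access denied</p>")),
    "/dashboard": (Response(200, "<h1>Admin dashboard</h1>"), Response(200, "<h1>User dashboard</h1>")),
}

if __name__ == "__main__":
    for path, verdict in run_checks(SAMPLES).items():
        print(f"{verdict:16} {path}")
```

The "Is enforced???" bucket is where most of the false positives and the real findings hide, so it is the one to review by hand rather than trust either way.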
CSRF Scanner
By Adrian Hayter
CSRF Scanner passively scans for CSRF vulnerabilities while you work.
Pro Tip: There are often false positives with this tool, but with experience, you’ll learn to differentiate between genuine findings and noise. Like other extensions, it helps you focus on actionable issues instead of getting bogged down.
Bypass WAF
By Josh Berry
Bypass WAF does exactly what it says—helps you bypass web application firewalls (WAFs). It automatically adjusts headers to circumvent WAF restrictions, saving you from the hassle of manual tweaks.
This tool is invaluable when time is of the essence, allowing you to concentrate on significant findings rather than spending time troubleshooting WAF responses.
Final Thoughts
These tools may appear to automate much of the work, but they are designed to enhance your expertise, not replace it. As a pentester, time is often your most limited resource. By streamlining repetitive tasks, these extensions allow you to focus on uncovering meaningful vulnerabilities, ultimately benefiting both you and your client.