Useful Burp Extensions for Pentesting

Here I am going to share some Burp extensions which will be useful during your pentesting.

1) Content Type Converter

This is useful for discovering vulnerabilities that can only be found by converting the content type of a request. For example, if an original request submits data using JSON, we can attempt to convert the data to XML, to see if the application accepts data in XML form. If so, we can then look for vulnerabilities like XXE injection which would not arise in the context of the original JSON endpoint. It might also be possible to find vulnerabilities behind web application firewalls or other filters that assume the incoming data is in a specific format, while the application tolerates data in other formats.

Requires Java version 8.

Download the plugin: https://github.com/NetSPI/Burp-Extensions/tree/master/ContentTypeConverter
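
On the defensive side, the behaviour this extension tests for goes away when each endpoint accepts only the media type it was built for and checks that the body really is in that format. The following is an added example, not code from this post or from the extension: a WSGI middleware in which the route table `ALLOWED`, the `/api/orders` path, `demo_app` and `send` are hypothetical names and the request bodies are constructed samples.

```python
import io
import json

# Hypothetical route table: each endpoint lists the only media types it accepts.
ALLOWED = {"/api/orders": {"application/json"}}

class StrictContentType:
    """WSGI middleware: reject bodies whose declared or actual format is unexpected."""

    def __init__(self, app, allowed=ALLOWED):
        self.app, self.allowed = app, allowed

    def __call__(self, environ, start_response):
        allowed = self.allowed.get(environ.get("PATH_INFO", ""))
        if allowed is None or environ.get("REQUEST_METHOD") not in ("POST", "PUT", "PATCH"):
            return self.app(environ, start_response)
        # Compare only the media type; parameters such as charset are ignored.
        media = environ.get("CONTENT_TYPE", "").split(";")[0].strip().lower()
        if media not in allowed:
            return self._reject(start_response, "415 Unsupported Media Type")
        try:
            length = max(int(environ.get("CONTENT_LENGTH") or 0), 0)
            body = environ["wsgi.input"].read(length)
            # The header alone proves nothing: the body must also parse as JSON.
            if media == "application/json":
                json.loads(body)
        except ValueError:
            return self._reject(start_response, "400 Bad Request")
        environ["wsgi.input"] = io.BytesIO(body)  # give the app a fresh, unread body
        return self.app(environ, start_response)

    @staticmethod
    def _reject(start_response, status):
        start_response(status, [("Content-Type", "text/plain")])
        return [status.encode()]

def demo_app(environ, start_response):
    """Stand-in for the real application behind the middleware."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"accepted"]

def send(content_type, body, path="/api/orders"):
    """Pass one constructed request through the middleware and return its status."""
    seen = []
    environ = {"REQUEST_METHOD": "POST", "PATH_INFO": path,
               "CONTENT_TYPE": content_type, "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": io.BytesIO(body)}
    StrictContentType(demo_app)(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Re-running the Content Type Converter against an endpoint protected this way should produce a 415 for the XML variant instead of a parsed request.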

2) Logger++

This extension can be used to log the requests and responses made by all Burp tools, and display them in a sortable table. It can also save the logged data in CSV format.

Requires Java version 7.

Download the plugin: https://github.com/nccgroup/BurpSuiteLoggerPlusPlus

Will share some more extensions soon.
