This extension clusters similar responses together and shows a summary with one request/response per cluster. This gives the tester an overview of the tested website's responses from all Burp Suite tools. This is powerful because it adds an additional vulnerability detection mechanism. Instead of relying on known techniques (error-based, in-band sleep-based, out-of-band Burp Collaborator, etc.), this extension assists in finding anomalies with a semi-automated approach, allowing you to review a selection of server responses.
Options for determining similarity can be configured in case too few or too many clusters are generated. Because the similarity comparison can consume a lot of resources, only small, in-scope responses that have interesting response codes, file extensions and MIME types are processed.
The extension persists results in the project.
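The idea described above, as an added sketch that is not the extension's own code: pre-filter responses, cluster them greedily by body similarity, and list one representative per cluster with the smallest clusters first. The filter values, the `difflib` similarity measure, the 0.8 threshold, all function names and the sample traffic are assumptions made for illustration.

```python
from difflib import SequenceMatcher

# Assumed pre-filter values; the page does not state the extension's defaults.
MAX_BODY_LEN = 10_000
STATUS_OK = {200, 302, 403, 500}
MIME_OK = {"text/html", "application/json"}

def eligible(r, scope_host):
    """Keep only small, in-scope responses with interesting status and MIME type."""
    return (r["host"] == scope_host and len(r["body"]) <= MAX_BODY_LEN
            and r["status"] in STATUS_OK and r["mime"] in MIME_OK)

def cluster(responses, scope_host, threshold=0.8):
    """Greedy clustering: a response joins the first cluster whose representative
    is at least `threshold` similar, otherwise it starts a new cluster."""
    clusters = []  # element 0 of each cluster is its representative
    for r in responses:
        if not eligible(r, scope_host):
            continue
        for members in clusters:
            if SequenceMatcher(None, members[0]["body"], r["body"]).ratio() >= threshold:
                members.append(r)
                break
        else:
            clusters.append([r])
    return clusters

def summary(clusters):
    """One (url, status, size) row per cluster, smallest (most unusual) first."""
    return sorted(((c[0]["url"], c[0]["status"], len(c)) for c in clusters),
                  key=lambda row: row[2])

# Constructed sample traffic, not real captures.
PAGE = "<html><body><h1>Product {}</h1><p>In stock. Price shown at checkout.</p></body></html>"
ERROR = ("<html><body><h1>Error</h1><pre>Unhandled exception in "
         "ProductController line 42</pre></body></html>")

def make_resp(host, url, body, status=200, mime="text/html"):
    return {"host": host, "url": url, "status": status, "mime": mime, "body": body}

SAMPLE = [make_resp("shop.example", f"/product?id={i}", PAGE.format(i)) for i in range(1, 5)]
SAMPLE += [
    make_resp("shop.example", "/product?id=5", ERROR),
    make_resp("cdn.example", "/product?id=1", PAGE.format(1)),           # out of scope
    make_resp("shop.example", "/logo.png", "PNG...", mime="image/png"),  # filtered MIME
]

if __name__ == "__main__":
    for row in summary(cluster(SAMPLE, "shop.example")):
        print(row)
```

Lowering the threshold merges the error page into the product cluster, and raising it close to 1.0 splits every product page into its own cluster, which is the "too few or too many clusters" trade-off the similarity options control.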
|Author|floyd, modzero AG|
|Last updated|06 December 2018|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
You can view the source code for this BApp by visiting our GitHub page.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.