As we mentioned in our recent blog post on good resources for new Burp Suite Professional users, the BApp Store is one of the largest repositories of community-created user content you're likely to find anywhere. So when we spotted a tweet from HackerOne's @NahamSec (Ben Sadeghipour), asking the Burp Suite community for recommendations on their favorite Burp extensions, we knew it was going to be good.
In short, here's what we learned …
BApp Store link: Autorize.
One Burp extension that kept cropping up here was Autorize, by Barak Tawily. Autorize helps you to test for authentication vulnerabilities, and can save you a lot of time in doing this.
BApp Store link: Turbo Intruder.
Turbo Intruder, by PortSwigger Research's James Kettle was another popular entry. Turbo Intruder enables automated attacks even where extreme speed or complexity is required.
BApp Store link: Hackvertor.
Another popular Burp extension - this time by PortSwigger researcher Gareth Heyes - is Hackvertor. Hackvertor is a tag-based conversion tool that supports numerous escapes and encodings.
BApp Store link: Param Miner.
Finally, another BApp that kept cropping up was Param Miner (again, by James Kettle). Built to identify hidden, unlinked parameters, Param Miner is very useful when hunting for web cache poisoning vulnerabilities.
It's always great to hear how other members of the community are using Burp Suite - and it's brilliant to see so many of you putting its extensibility features to good use. But the five Burp extensions in this post are by no means the limit of what's available in the BApp Store - this is just the tip of the iceberg.
If there are BApps you find especially useful, then we'd love to hear about them. Let us know over on Twitter, using #BurpSuiteTips - and give @PortSwigger a follow, if you haven't already. Finally, for updates on all the latest Burp extensions, don't forget to follow @BApp_Store.