As we mentioned in our recent blog post on good resources for new Burp Suite Professional users, the BApp Store is one of the largest repositories of community-created user content you're likely to find anywhere. So when we spotted a tweet from HackerOne's @NahamSec (Ben Sadeghipour), asking the Burp Suite community for recommendations on their favorite Burp extensions, we knew it was going to be good.
In short, here's what we learned …
Here are five of your favorite BApps:
BApp Store link: Autorize.
One Burp extension that kept cropping up here was Autorize, by Barak Tawily. Autorize helps you to test for authentication vulnerabilities, and can save you a lot of time in doing this.
2. Turbo Intruder
BApp Store link: Turbo Intruder.
Turbo Intruder, by PortSwigger Research's James Kettle was another popular entry. Turbo Intruder enables automated attacks even where extreme speed or complexity is required.
BApp Store link: Hackvertor.
Another popular Burp extension - this time by PortSwigger researcher Gareth Heyes - is Hackvertor. Hackvertor is a tag-based conversion tool that supports numerous escapes and encodings.
4. Burp Bounty
5. Param Miner
BApp Store link: Param Miner.
Finally, another BApp that kept cropping up was Param Miner (again, by James Kettle). Built to identify hidden, unlinked parameters, Param Miner is very useful when hunting for web cache poisoning vulnerabilities.
Have your say
It's always great to hear how other members of the community are using Burp Suite - and it's brilliant to see so many of you putting its extensibility features to good use. But the five Burp extensions in this post are by no means the limit of what's available in the BApp Store - this is just the tip of the iceberg.
If there are BApps you find especially useful, then we'd love to hear about them. Let us know over on Twitter, using #BurpSuiteTips - and give @PortSwigger a follow, if you haven't already. Finally, for updates on all the latest Burp extensions, don't forget to follow @BApp_Store.