Best Burpsuite Extensions used by Pentesters

Hello Hackers,

Let’s read some Cybersecurity Blogs,

I am so sorry for the long delay; I was exploring various new hacking techniques and other things…

Today we will look at the best Burp Suite extensions used by hackers and pentesters. This post should be informative about the tools themselves, and these extensions will help you find more during your testing.

Active Scan++

Active Scan++ is one of the most popular extensions; I guess every bug hunter uses it to strengthen their reconnaissance.

Burp Suite already has Active and Passive scans, but Active Scan++ takes them to the next level: it identifies application behaviour and surfaces interesting findings for pentesters. It adds checks for:

  • Passive-scanner issues that only occur during fuzzing (install the ‘Error Message Checks’ extension for maximum effectiveness)
  • Blind code injection via expression language, Ruby’s open() and Perl’s open()
  • XML input handling
  • Potential host header attacks (password reset poisoning, cache poisoning, DNS rebinding)
  • Edge side includes
  • CVE-2014-6271/CVE-2014-6278 ‘shellshock’ and CVE-2015-2080, CVE-2017-5638, CVE-2017-12629, CVE-2018-11776 and many more…
  • Suspicious input transformation (e.g. 7*7 => ’49’, \x41\x41 => ‘AA’)

This extension requires Burpsuite Professional version and Jython 2.5 or later.

Logger++

Logger++ is an extended proxy history: it logs requests and responses from every Burp tool in real time while you test.

  • Logs all the tools that are sending requests and receiving responses
  • Ability to log from a specific tool
  • Ability to save the results in CSV format
  • Ability to show results of custom regular expressions in request/response
  • Users can customize the column headers
  • Advanced Filters can be created to display only requests matching specific conditions
  • Row highlighting can be added using advanced filters to make interesting requests more visible
  • Requests which match a filter can be automatically tagged (e.g. Admin, Low Privilege User, etc.)
  • Grep through logs
  • Live requests and responses
  • Multiple view options
  • Pop-out view panel
  • Multithreaded

Autorize

Autorize helps find authorization vulnerabilities, which are among the most time-consuming to find manually…

It replays your requests with the cookies (or other session headers) of a low-privilege user and tries various other ways to find authorization vulnerabilities, so it is useful for spotting where a low-privilege user can reach high-privilege functionality.

The Autorize extension works without any configuration, but it can be modified or customized to make it more powerful.

The reported enforcement statuses are the following:

  1. Bypassed! – Red color
  2. Enforced! – Green color
  3. Is enforced??? (please configure enforcement detector) – Yellow color
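To make the three statuses concrete, here is an added example (not the extension's own code) that approximates Autorize's per-request check: replay the privileged request with the low-privilege session, then compare the two responses. The cookie values, the endpoint and the `access denied` detector regex are constructed placeholders.

```python
import re
from dataclasses import dataclass

# Enforcement statuses exactly as Autorize reports them in its table.
BYPASSED = "Bypassed!"
ENFORCED = "Enforced!"
UNSURE = "Is enforced??? (please configure enforcement detector)"


@dataclass
class Response:
    status: int
    body: str


def swap_session(headers: dict, low_priv_cookie: str) -> dict:
    """Headers of the privileged request with the Cookie replaced by the
    low-privilege user's session: the replay Autorize sends per request."""
    replayed = {k: v for k, v in headers.items() if k.lower() != "cookie"}
    replayed["Cookie"] = low_priv_cookie
    return replayed


def classify(original: Response, replayed: Response,
             detector: str = "", tolerance: float = 0.05) -> str:
    """Approximation (not the extension's own code) of how Autorize labels a
    request. `detector` is the enforcement-detector regex: text that marks a
    denial page, needed because many apps deny with HTTP 200 and an error body."""
    if detector and re.search(detector, replayed.body, re.IGNORECASE):
        return ENFORCED  # server explicitly refused the low-privilege user
    same_status = original.status == replayed.status
    longest = max(len(original.body), len(replayed.body), 1)
    similar_len = abs(len(original.body) - len(replayed.body)) / longest <= tolerance
    if same_status and similar_len:
        return BYPASSED  # low-privilege user received the same content
    return UNSURE  # responses differ, but nothing confirmed a denial


# Constructed sample data for an admin-only endpoint (placeholders, not real).
ADMIN_HEADERS = {"Host": "app.example", "Cookie": "session=ADMIN_SESSION_PLACEHOLDER"}
LOW_PRIV_COOKIE = "session=USER_SESSION_PLACEHOLDER"
ADMIN_RESP = Response(200, '{"users":[{"id":1,"role":"admin"},{"id":2,"role":"user"}]}')
SAMPLES = {
    "bypassed": Response(200, ADMIN_RESP.body),        # identical data returned
    "denied_page": Response(200, "<p>Access denied: admins only</p>"),
    "redirect": Response(302, ""),                     # differs, needs a detector
}


def run_samples() -> dict:
    return {name: classify(ADMIN_RESP, resp, detector=r"access denied")
            for name, resp in SAMPLES.items()}
```

Without a detector, a denial returned as HTTP 200 looks like a plain difference and lands in the yellow "Is enforced???" row, which is why the extension asks you to configure one.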

Param Miner

Param Miner extension finds hidden, unlinked parameters. It’s particularly useful for finding web cache poisoning vulnerabilities, and requires Burp Suite v2021.9 or later.

It combines advanced diffing logic from “Backslash Powered Scanner” with a binary search technique to guess up to approx 65,536 param names per request. Param names come from a carefully curated built-in wordlist, and it also harvests additional words from all in-scope traffic.

To use it, right-click on a request in Burp and click “Guess (cookies|headers|params)”. If you’re using Burp Suite Pro, identified parameters will be reported as scanner issues. If not, you can find them listed under “Extender->Extensions->Param Miner->Output”.

Turbo Intruder

Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. It’s intended to complement Burp Intruder by handling attacks that require extreme speed or complexity.

  • Fast – Turbo Intruder uses an HTTP stack hand-coded from scratch with speed in mind. As a result, on many targets, it can seriously outpace even fashionable asynchronous Go scripts.
  • Flexible – Attacks are configured using Python. This enables the handling of complex requirements such as signed requests and multi-step attack sequences. Also, the custom HTTP stack means it can handle malformed requests that break other libraries.
  • Scalable – Turbo Intruder can achieve flat memory usage, enabling reliable multi-day attacks. It can also be run in headless environments via the command line.
  • Convenient – Boring results can be automatically filtered out by an advanced diffing algorithm adapted from Backslash Powered Scanner.

That’s all for the day, Hope you enjoyed reading this blog…

Happy Hacking !!!