AI-powered vulnerability scanner extension for Burp Suite with multi-provider support (Ollama, OpenAI, Claude, Gemini)
Updated Jun 28, 2026 - Java
Lightweight BApp that seamlessly integrates powerful LLM-scanning capabilities into Burp's built-in Scanner with improved accuracy. Supports the latest LLMs from OpenAI (gpt-4o, o1), Anthropic (Claude 3.5, Claude 3), and Google (Gemini 1.5). Requires valid API key(s) and an active Burp Suite Pro or Enterprise license.
A passive recursive path probing extension for Burp Suite, built on the Montoya API with YAML rules and low-noise vulnerability detection.
All-in-one BurpSuite plugin: passive fingerprinting / Favicon Hash / recursive directory scanning / path collection
Burp Suite extension + port-based highlighter: dedupes HTTP history into a live unique-request feed and color-codes attacker/victim traffic by listener port (PwnFox-style) — built for Android/iOS multi-account IDOR/BOLA testing, with Magic Cookie, Match & Replace, and .http export for Claude Code / AI.
🎯 VISTA — AI-Powered Security Testing Assistant for Burp Suite. Real-time traffic analysis, 12 expert vulnerability templates, 80+ payloads, WAF detection & bypass. Supports OpenAI, Azure, and OpenRouter (FREE). Zero dependencies.
All-in-one Burp Suite attack framework — 16 active scanners, 4 passive analyzers, SQL exploitation engine (OmniMap), AI-powered fuzzing, prerequisite chain automation (Stepper), built-in OOB server (HTTP+DNS). Single JAR, Montoya API.
Burp Suite plugin that automatically injects HTTP headers such as X-Forwarded-For and X-Real-IP, for IP spoofing, WAF bypass, and CDN back-to-origin requests
Stop manually replacing cookies in every Repeater tab. Define your session tokens once and Cookie Swapper auto-applies them to any request. Perfect for retesting bugs with fresh cookies across large request histories.
🆓 Free Burp Collaborator Alternative - Advanced Out-of-Band testing for Burp Suite Community & Pro. Multi-bin management, RequestBin.net integration, persistent storage.
Burp Suite extension for passive GraphQL reconnaissance. Catalogs operations from proxy traffic, tracks variable shapes with sample values, stores original requests per signature, and sends to Intruder with auto-marked payload positions. Supports status triage, export/import for session persistence, and batched mutation detection.
🛡️ Burp Suite extension for automated access control bypass, path traversal & Web Cache Deception testing. Header spoofing, URL encoding, cache deception pipelines – all in one tool.
Proof-of-testing coverage tracker for Burp Suite — automatically captures traffic from all tools, classifies testing depth per endpoint, and highlights untested gaps in your scope.
HarQL - Advanced GraphQL Harvester Burp Suite Extension | No Introspection | Meta FB,IG,.. Optimized | Send to Repeater + Inferred Schema + Pitchfork Export
💉 Burp Deep Data Injector is a BurpSuite extension that allows pentesters to define targets within non-standard locations such as encoded regions or serialized data.
Burp Suite extension implementing OWASP API Security Top 10 (2023) coverage on the Montoya API — active + passive scan checks with optional Burp AI integration
OWASP Sentinel Pro - real-time passive OWASP Top 10 + JWT/OAuth/SAML scanner for Burp Suite (Montoya API)
🔐 Burp Suite Extension for transparent AES-CBC encrypted traffic decryption, editing, and scanning
🪄 Magic variables is a Burp extension that provides helpful replacements in traffic such as random integers, random UUIDs and random strings.
Burp Suite Professional extension with embedded Discord bot for real-time scan control, findings notifications, and workflow automation