
The top 10 Burp Suite extensions for pentesters

Burp Suite Pro allows you to proxy every request and response you put through it. But there are occasions when you need to see more. What is Burp Scanner, or a particular extension, doing behind the scenes, for instance? Well, whether you're debugging an issue or just want to take a closer look at what Burp Suite is doing, Logger++ gives you what you need. It stores all of Burp's requests and responses in an easily exported and sortable table.

"Logger++ is essential when I'm testing a site. The ability to log outgoing requests is really important when using other extensions like Hackvertor that modify them."
Gareth Heyes, Web Security Researcher

If you've ever manually tested a reasonably large web application for access control issues, then you probably know it's no fun. It takes forever and bores most pentesters to tears. Fortunately, a convenient pentesting tool called Autorize can help you make light work of this task.

The first step in using Autorize is generally to feed it the cookies of a non-privileged user within the web application. Next, browse the app using the cookies of a user who does have privileged access. As you use privileged functions, Autorize will repeat your requests as if it were the non-privileged user. It then logs the status of these attempts in a color-coded table.

"I LOVE AUTORIZE! BEST BURP EXTENSION? That is all."
Curtis Brazzell

Author: James Kettle, Director of Research, PortSwigger

Simple to use and eminently stable, Burp Intruder is a powerful brute-forcing tool. But for some tasks, you really can't have enough power. Built for speed using a custom HTTP stack, and configured in Python, Turbo Intruder is blisteringly quick. In fact, it's capable of making tens of thousands of HTTP requests per second, if necessary. Turbo Intruder is great for finding race conditions, as well as for performing complex attacks involving multiple steps or signed requests, for example. It's highly configurable and is designed to achieve flat memory use - so it can run for days if it has to. If you're half-decent in Python and this sounds like fun, we highly recommend taking Turbo Intruder for a spin.

"Thank you for the incredible Turbo Intruder. Intruder took 13 mins to send 52709 payloads."

Straight out of the box, Burp Scanner can find a whole host of vulnerabilities. But there's always room for improvement - especially if you're operating in any type of niche. If you find yourself testing applications that make use of J2EE on a regular basis, then J2EEScan is for you.
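To make the Autorize workflow described above concrete, here is an added example (my own code, not Autorize's or PortSwigger's) that re-implements its core replay-and-compare check as an authorization regression test against a constructed in-memory application, so it runs offline. The endpoint names, session cookies, roles and the three verdict labels are assumptions made up for the demonstration.

```python
# Added example, not Autorize's own code: replay requests captured from a
# privileged session using a low-privilege cookie and compare the responses.
# The target app, cookies and roles below are constructed for the demo.

SESSIONS = {"sess-admin": "admin", "sess-low": "user"}   # cookie -> role (constructed)

def demo_app(method, path, cookie):
    """Constructed target returning (status, body). One admin endpoint
    forgets its role check, which is the kind of bug the replay should expose."""
    role = SESSIONS.get(cookie)
    if role is None:
        return 401, "login required"
    if path == "/profile":
        return 200, f"profile of {role}"
    if path == "/admin/users" and method == "GET":
        return (200, "alice,bob,carol") if role == "admin" else (403, "forbidden")
    if path == "/admin/users/42/delete" and method == "POST":
        return 200, "deleted"          # missing role check: the bug to catch
    return 404, "not found"

def classify(priv, unpriv):
    """Verdict for one request, modelled on the three outcomes Autorize shows
    in its table (labels are an assumption). priv/unpriv are (status, body)."""
    if unpriv[0] in (401, 403) or 300 <= unpriv[0] < 400:
        return "Enforced!"                      # rejected or bounced to login
    if unpriv[0] == priv[0] and len(unpriv[1]) == len(priv[1]):
        return "Bypassed!"                      # identical outcome for both users
    return "Is enforced??? (check manually)"    # differs, but not a clear rejection

def autorize_style_audit(app, captured, unpriv_cookie):
    """captured: list of (method, path, privileged_cookie) as browsed by the
    privileged user. Each request is replayed with the low-privilege cookie
    and the two responses are compared, as the text describes."""
    report = {}
    for method, path, priv_cookie in captured:
        priv = app(method, path, priv_cookie)
        unpriv = app(method, path, unpriv_cookie)
        report[f"{method} {path}"] = classify(priv, unpriv)
    return report

# Constructed capture of what the admin user browsed.
CAPTURED = [("GET", "/profile", "sess-admin"),
            ("GET", "/admin/users", "sess-admin"),
            ("POST", "/admin/users/42/delete", "sess-admin")]

if __name__ == "__main__":
    for req, verdict in autorize_style_audit(demo_app, CAPTURED, "sess-low").items():
        print(f"{verdict:<32} {req}")
```

Note the ambiguous verdict on /profile: a per-user page legitimately differs in length for the two sessions, which is why a status-and-length comparison alone needs a manual look (or a tuned enforcement detector) before it is trusted.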
