Noteworthy Burp Extensions
The following are some of the extensions worth taking a look at:
- Heartbleed: This extension checks whether a particular server is vulnerable to Heartbleed (http://heartbleed.com). Usually, such a check would be done by vulnerability assessment software, such as Nessus or Nmap with NSE.
- Logger++: Many times, a client report requires full logs of each and every request and response. Logger++ takes care of this really well. The logs can be sorted and also saved in CSV format, which can then be imported into spreadsheet software, such as Microsoft Excel or OpenOffice Calc.
- CO2: This extension has multiple features, of which the most useful one for me is the ability to produce a ready-made sqlmap command that can be run directly on the command line.
- Reissue Request scripter: This extension generates scripts from Proxy history, which can then be saved outside of Burp and run from the command line. These scripts are generated for Python, Ruby, Perl...