burp suite pro

hey guys, i have been using burp suite pro for a while both in work and on here. i still consider myself an novice with the tool but i use the active scanning, discovery, repeater, intruder on a regular basis.

i wondered if anyone here uses any extensions or has any recommended reading for fully utilising the tool?

any advice welcome

I would recommend Decoder Improved, Notes, and JSON Beautifier for added extensions. As for learning Burp Suite itself, I would focus more on learning the HTTP protocol, the tool will come naturally after that. Use it on normal sites, rest apis, soap apis, etc…

@cdf123 said:
I would recommend Decoder Improved, Notes, and JSON Beautifier for added extensions. As for learning Burp Suite itself, I would focus more on learning the HTTP protocol, the tool will come naturally after that. Use it on normal sites, rest apis, soap apis, etc…

thanks for the info. i will check it all out

Logger++ is really useful for figuring out wtf you did during a long session.
I find CO2, Auto-Repeater, and Copy as python requests super handy.

@onlyamedic said:
Logger++ is really useful for figuring out wtf you did during a long session.
I find CO2, Auto-Repeater, and Copy as python requests super handy.

perfect , thanks for the advice

for anyone else reading it later, i recommend not using burp sh1t at all, or zaproxy, it uses much ressources and isnt that useful, plus cant be scriptable as it is GUI.

Firefox has everything you need nowadays, use wfuzz for all kind of fuzzing coupled with SecLists, and you can pretty much do everything what burp can, but with a nice dark mode and less ressources

EDIT : forgot, burp isnt FOSS, even more reasons not to use it