Configuring Burpsuite Pro

Burp Suite Professional

Plugins to install from the BApp Store. Restart Burp before using any new plugin and ensure it is loaded under Extender > Extensions.

FYI: if using a Mac, disable all extensions at startup, or Burp will use a lot of CPU and battery life will suffer.

  • Active Scan++

  • Additional Scanner Checks

  • AuthMatrix

  • Backslash Powered Scanner

  • CO2

  • CSRFScanner

  • EsPReSSO

  • HTML5 Auditor

  • JSON Beautifier

  • JSON Web Tokens

  • Logger++

  • NmapParser

  • Notes

  • Paramalyzer

  • Reflected Parameters

  • Scan check builder + profiles

  • Sentinel

  • Software Version Reporter

  • Software Vulnerability Scanner

  • SQLiPy

  • SSL Scanner

  • Upload Scanner

  • WAFDetect

  • Wordlist Extractor

  • WordPress Scanner

Settings:

  • New Project On Disk

  • Use Burp Defaults > Start Burp

  • Turn off proxy (CTRL + SHIFT + P)

  • Proxy > Options > Intercept Client Responses

  • Proxy > HTTP History > Show Only In Scope Items

  • Project Options > Misc > Logging > All tools: log requests and responses

  • User Options > Misc > Disable automatic project backup

  • Add the target to scope for both http and https > when prompted about Proxy History Logging, choose No

  • Manually click every link and submit every form, except the logout function and contact-us pages.

  • Proxy > HTTP History > select all in-scope HTTP requests except logout and contact-us pages > send to scanner > Crawl & Audit

  • Target > select the relevant directory and send to scanner > Crawl & Audit

  • Never select the whole site for scanning, so that contact forms are not submitted