This extension enhances Burp Suite by adding several UI and functional features, making it more user-friendly.

Burp Suite extension that enhances Burp Active Scan by adding template engine specific SSTI payloads.

BurpSuite Extension leveraging new Montoya API to automatically sets payload positions to your inruder tab saving you time during VAPT.

Burp Suite extension + port-based highlighter: dedupes HTTP history into a live unique-request feed and color-codes attacker/victim traffic by listener port (PwnFox-style) — built for Android/iOS multi-account IDOR/BOLA testing, with Magic Cookie, Match & Replace, and .http export for Claude Code / AI.

This extension integrates popular CAPTCHA solution services into BurpSuite to process different types of CAPTCHAs without manual intervention.

All-in-one Burp Suite attack framework — 16 active scanners, 4 passive analyzers, SQL exploitation engine (OmniMap), AI-powered fuzzing, prerequisite chain automation (Stepper), built-in OOB server (HTTP+DNS). Single JAR, Montoya API.

REST API automation for Burp Suite Community Edition. Drop-in Java extension exposing send/repeat/history endpoints over a local HTTP API.

Autonomous AI penetration testing agent for Burp Suite. Agentic pentesting with local/cloud LLMs (Ollama, Gemini, DeepSeek, OpenRouter) via Montoya API.

Enables transparent use of Excel files in Burp Suite

Proof-of-testing coverage tracker for Burp Suite — automatically captures traffic from all tools, classifies testing depth per endpoint, and highlights untested gaps in your scope.

🛡️ Burp Suite extension for automated access control bypass, path traversal & Web Cache Deception testing. Header spoofing, URL encoding, cache deception pipelines – all in one tool.

Burp Suite extension implementing OWASP API Security Top 10 (2023) coverage on the Montoya API — active + passive scan checks with optional Burp AI integration

This BurpSuite extension tests ESPv2 malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases.

This Burp Suite extension monitors a provided JWT token for its expiration and replaces any already present JWT token in outgoing requests with the provided one

Burp Suite Professional extension with embedded Discord bot for real-time scan control, findings notifications, and workflow automation

Burp Suite extension that drives a content-discovery / fuzzing crawler (gocrawlerd) from inside Burp — results stream back over SSE as real Burp HTTP messages.

Analyze JAR bytecode and store results in SQLite for security audits and code review automation