The best Burp plugin I’ve ever seen
Wanted to share with you what IMHO is the most promising Burp Suite plugin that just might transform it to the best penetration tool ever. It’s the Vulners plugin, available for free at github (https://github.com/vulnersCom/burp-vulners-scanner). If you are lazy like me, a build is available here: https://github.com/vulnersCom/burp-vulners-scanner/releases/download/1.1/burp-vulners-scanner-1.1.jar
Installation
It’s easy if you know how to deal with a plugin in Burp. If you don’t know, please find a video here:
Extender->Extensions->Add->Extension in file (.jar)
Configuring
The developer recommends enabling all the experimental features. No surprises here. There is only one of them and it is called “use scan by location paths”. This feature provides the ability to correlate all the URL paths from live traffic with an exploits database to suggest applicable vulnerability bulletins. It’s a super useful thing, just enable it!
Using
If you would like to avoid false positives or add some new checks there you may add detection rules in the “Scan rules” tab.
It’s the easiest way to extend your Burp capabilities with custom regexps/signatures to catch something application specific.
Conclusion
Why it’s better than Nessus you may ask? Just because it’s traffic-related checks! Nessus will never find a /wordpress-x/ directory for you but your browser together with Burp Suite can easily solve this task. The modern web cannot be crawled, it should be sniffed instead.
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://medium.com/@d0znpp/the-best-burp-plugin-ive-ever-seen-2d17780342
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit