Introduction to Burp Extensions

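Burp has a built-in extension store from which extensions can be installed directly.

Once installed, all extensions appear in the Extensions tab, where they can be loaded, unloaded, or removed at any time.

Extension functions: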

.NET Beautifier: Masks verbose parameter details in .NET requests.

Active Scan++: Extends Burp's active and passive scanning capabilities.

Add & Track Custom Issues: Create custom issues in Burp Scanner results, using predefined issue templates.

Add Custom Header: Add or update custom HTTP headers from session handling rules. Useful for JWT.

Additional CSRF Checks: Performs additional checks for CSRF vulnerabilities in a semi-automated manner.

Additional Scanner Checks: Provides some additional passive Scanner checks.

AES Payloads: Allows encryption and decryption of AES payloads in Burp Intruder and Scanner.

Attack Surface Detector: Use static analysis to identify web app endpoints by parsing routes and identifying parameters.

AuthMatrix: Provides a simple way to test authorization in web applications and web services.

Authz: Helps test for authorization vulnerabilities.

Auto Repeater: Automatically repeat requests, with replacement rules and response diffing.

Autorize: Automatically detects authorization enforcement.

AWS Security Checks: Additional Scanner checks for AWS security issues. It requires applying for an Amazon security service key.

Backslash Powered Scanner: Finds unknown classes of injection vulnerabilities.

Batch Scan Report Generator: Generates multiple scan reports by host with just a few clicks.

Blazer: Generates and fuzzes custom AMF messages.

Bradamsa: Generates Intruder payloads using the Radamsa test case generator.

Brida, Burp to Frida bridge: A bridge between Burp Suite and Frida to help test Android applications.

Browser Repeater: Automatically renders Repeater responses in Firefox.

Buby: Adds Ruby scripting capabilities to Burp.

Burp Chat: Enables collaborative usage of Burp using XMPP/Jabber.

Burp CSJ: Integrates Crawljax, Selenium and JUnit into Burp.

BurpelFish: Adds Google Translate to Burp's context menu.

Burp-hash: Identifies previously submitted inputs appearing in hashed form.

BurpSmartBuster: Looks for files, directories and file extensions based on current requests received by Burp Suite.

Bypass WAF: Adds headers useful for bypassing some WAF devices.

Carbonator: Provides a command-line interface to drive spidering and scanning.

Cloud Storage Tester: Test Amazon S3, Google Storage and Azure Storage for common misconfiguration issues.

CMS Scanner: Scan for common vulnerabilities in popular CMS.

CO2: Adds various capabilities including SQL Mapper, User Generator and Prettier JS.

Code Dx: Uploads scan reports directly to CodeDx, a software vulnerability correlation and management system.

Collaborator Everywhere: Augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator.

Command Injection Attacker: Customizable payload generator to detect and exploit command injection flaws during blind testing.

Commentator: Generates comments for selected requests based on regular expressions.

Content Type Converter: Converts JSON to XML, XML to JSON, body parameters to JSON, and body parameters to XML.

Copy as Node Request: Copies the selected requests as Node.JS request code.

Copy as PowerShell Requests: Copies the selected request(s) as PowerShell invocation(s).

Copy As Python-Requests: Copies selected request(s) as Python-Requests invocations.

Cryptojacking Mine Sweeper: Detects script includes from over 14000+ known cryptojacking domains.

CSP Auditor: Displays CSP headers for responses, and passively reports CSP weaknesses.

CSP-Bypass: Passively scans for CSP headers that contain known bypasses or other potential weaknesses.

CSRF Scanner: Passively scans for CSRF vulnerabilities.

CSRF Token Tracker: Provides a sync function for CSRF token parameters.

CSurfer: Hides and automatically handles anti-CSRF token defenses.

Custom Logger: Adds a new tab to log all requests and responses.

Custom Parameter Handler: Provides a simple way to automatically modify any part of an HTTP message.

Custom Send To: Add a customizable "Send to..." menu to the context menu.

CustomDeserializer: Speeds up manual testing of web applications by performing custom deserialization.

CVSS Calculator: Calculates CVSS v2 and v3 scores of vulnerabilities.

Decoder Improved: A replacement for Burp decoder with tabs, an improved hex editor, and extensibility.

Decompressor: View and modify compressed HTTP messages without changing the content-encoding.

Detect Dynamic JS: Passively checks for differing content in JavaScript files and aids in finding user/session data.

Directory Importer: Import results from directory brute forcing tools including GoBuster and DirSearch.

Distribute Damage: Evenly distributes scanner load across targets.

Dradis Framework: Send Scanner issues to Dradis collaboration and reporting framework.

ElasticBurp: Stores requests/responses in an ElasticSearch index.

Error Message Checks: Passively detects detailed server error messages.

EsPReSSO: Processes and recognizes single sign-on protocols.

ExifTool Scanner: Reads metadata from various file types (JPEG, PNG, PDF, DOC, and much more) using ExifTool.

ExtendedMacro: Provides a similar but extended version of the Burp Suite macro feature.

Faraday: Integrates Burp with the Faraday Integrated Penetration-Test Environment.

Fast Infoset Tester: Allows Burp to test applications that use Fast Infoset XML encoding.

File Upload Traverser: Checks whether file uploads are vulnerable to path traversal.

Flow: Provides request history view for all Burp tools.

Freddy, Deserialization Bug Finder: Helps detect and exploit deserialization vulnerabilities in Java and .Net.

Git Bridge: Lets Burp users store Burp data and collaborate via git.

Google Authenticator: Generate Google Authenticator OTPs in session handling rules.

Google Hack: Lets you run Google Hacking queries and add results to Burp's site map.

GWT Insertion Points: Automatically identifies insertion points for GWT (Google Web Toolkit) requests.

Hackvertor: Converts data using a tag-based configuration to apply various encoding and escaping operations.

Handy Collaborator: Assists with using Collaborator during manual testing.

Headers Analyzer: Reports security issues in HTTP headers.

Headless Burp: Allows Burp Scanner to be automated, using Spider or an existing Site Map.

HeartBleed: Checks whether a server is vulnerable to the Heartbleed bug.

HTML5 Auditor: Scans for usage of risky HTML5 features.

HTTP Mock: Provides mock responses that can be configured, based on real ones.

HTTPoxy Scanner: Scans for the HTTPoxy vulnerability.

Identity Crisis: Checks if a particular URL responds differently to various User-Agent headers.

Image Location & Privacy Scanner: Passively scans jpeg / png / tiff for embedded GPS, IPTC, and camera-proprietary location & privacy exposures.

Image Metadata: Extracts metadata from image files.

Image Size Issues: Detects potential denial of service attacks in image retrieval functions.

Intruder File Payload Generator: Allows use of file contents and filenames as Intruder payloads.

Intruder Time Payloads: Lets you include the current epoch time in Intruder payloads.

Issue Poster: Posts discovered Scanner issues to an external web service.

J2EEScan: Adds scan checks focused on Java environments and technologies.

Java Deserialization Scanner: Performs active and passive scans to detect Java deserialization vulnerabilities.

Java Serial Killer: Performs Java deserialization attacks using the ysoserial payload generator tool.

Java Serialized Payloads: Generates Java serialized payloads to execute OS commands.

JCryption Handler: Analyze web applications that use JCryption.

JSON Beautifier: Beautifies JSON content in the HTTP message viewer.

JSON Decoder: Displays JSON messages in decoded form.

JSON Web Token Attacker: JOSEPH - JavaScript Object Signing and Encryption Pentesting Helper.

JSON Web Tokens: Enables Burp to decode and manipulate JSON web tokens.

JSWS Parser: Parses JSWS responses and generates JSON requests for all supported methods.

JVM Property Editor: Allows viewing and editing of JVM system properties.

Kerberos Authentication: Adds support for performing Kerberos authentication.

Lair: Sends Burp Scanner issues directly to a remote Lair project.

Length Extension Attacks: Performs hash length extension attacks on weak signature mechanisms.

LightBulb WAF Auditing Framework: An open source Python framework for auditing WAFs and Filters.

Log Requests to SQLite: Log every request made by Burp to an SQLite database.

Log Viewer: Lets you view log files generated by Burp in a graphical environment.

Logger++: Logs requests and responses for all Burp tools in a sortable table.

Manual Scan Issues: Allows users to manually create custom issues within the Burp Scanner results.

Match/Replace Session Action: Provides a match and replace function as a Session Handling Rule.

MessagePack: Allows conversion of MessagePack messages to/from JSON format.

Meth0dMan: Generates custom Intruder payloads based on the site map.

MindMap Exporter: Aids with documentation of OWASP Testing Guide V4 tests.

Multi Session Replay: Allows replay of requests in multiple sessions, to identify authorization vulnerabilities.

Multi-Browser Highlighting: Highlight the Proxy history to differentiate requests made by different browsers.

Nessus Loader: Parse Nessus output to detect web servers and add to Site Map.

NGINX Alias Traversal: Detects NGINX alias traversal due to misconfiguration.

NMAP Parser: Parses Nmap output files and adds common web ports to Burp's target scope.

Notes: Lets you take notes and manage external documents from within Burp.

NTLM Challenge Decoder: Decode NTLM SSP headers and extract domain/host information.

Office Open XML Editor: Lets you edit Office Open XML files directly in Burp; useful for exploiting XXE.

OpenAPI Parser: OpenAPI parser fully compliant with OpenAPI 2.0/3.0 Specifications (OAS). Supports both JSON and YAML formats.

Param Miner: This extension identifies hidden, unlinked parameters. It's particularly useful for finding web cache poisoning vulnerabilities.

Paramalyzer: Improves efficiency of manual parameter analysis for web penetration tests.

ParrotNG: Adds a custom Scanner check to identify Flex applications vulnerable to CVE-2011-2461 (APSB11-25).

Payload Parser: Generates payload lists based on a set of characters that are sanitized.

Pcap Importer: Imports and passively scans Pcap files.

PDF Metadata: Provides an additional passive Scanner check for metadata in PDF files.

PDF Viewer: Allows viewing of PDF files directly within Burp.

PeopleSoft Token Extractor: This extension helps test PeopleSoft SSO tokens.

PHP Object Injection Check: Finds PHP object injection vulnerabilities.

Postman Integration: Integrate with the Postman tool by generating a collection file.

Protobuf Decoder: Decodes and beautifies protobuf responses.

Proxy Action Rules: Automatically forward, intercept and drop requests based on rules.

Proxy Auto Config: Automatically configures Burp upstream proxies to match desktop proxy settings.

PsychoPATH: A customizable payload generator suitable for detecting a variety of file path vulnerabilities.

Python Scripter: Allows execution of a custom Python script on each HTTP request and response.

Qualys WAS: Provides a way to easily push Burp scanner findings to the Qualys Web Application Scanning (WAS) module.

Random IP Address Header: Automatically generates fake source IP address headers to evade WAF filters.

Reflected File Download Checker: Checks for reflected file downloads.

Reflected Parameters: Monitors traffic and looks for parameter values that are reflected in the response.

Reissue Request Scripter: This extension generates scripts to reissue selected requests.

Replicator: Helps developers replicate findings discovered in pen tests.

Report To Elastic Search: Reports issues discovered by Burp to an ElasticSearch database.

Request Highlighter: Automatically highlights different HTTP requests based on headers content.

Request Minimizer: Minimize requests by removing ad cookies, cachebusters, etc.

Request Randomizer: Places a random value into a specified location within requests.

Request Timer: Captures response times for requests made by all Burp tools.

Response Clusterer: Clusters similar responses together.

Retire.js: Integrates with the Retire.js repository to find vulnerable JavaScript libraries.

Reverse Proxy Detector: Detects reverse proxy servers.

Same Origin Method Execution: Detects same origin method execution vulnerabilities.

SAML Editor: Adds a tab to Burp's message editor for decoding/encoding SAML messages.

SAML Encoder / Decoder: Adds a tab to Burp's main UI for decoding/encoding SAML messages.

SAML Raider: Provides a SAML message editor and a certificate management tool to help with testing SAML infrastructures.

SAMLReQuest: Enables you to view, decode, and modify SAML requests and responses.

Scan Check Builder: Extend the Burp active and passive scanner by creating custom scan checks with an intuitive graphical interface.

Scan manual insertion point: Do an active scan of just the insertion point defined by a selection in the UI.

Sentinel: Performs custom scanning for vulnerabilities in web applications.

Session Auth: Identifies authentication privilege escalation vulnerabilities.

Session Timeout Test: Determines server session timeout intervals.

Session Tracking Checks: Checks for the presence of known session tracking sites.

Similar Request Excluder: Improves efficiency by automatically marking similar requests as 'out-of-scope'.

Site Map Extractor: Extracts key data from the Site Map and allows export to CSV.

Site Map Fetcher: Fetches the responses of unrequested items in the site map.

Software Version Reporter: Passively reports server software version numbers.

Software Vulnerability Scanner: Software vulnerability scanner based on Vulners.com audit API.

SpyDir: Enumerates application endpoints via a local source code repository.

SQLiPy Sqlmap Integration: Initiates SQLMap scans directly from within Burp.

SSL Scanner: Scan for SSL vulnerabilities using techniques from testssl.sh and a2sv.

Taborator: Improved Collaborator client in its own tab.

Target Redirector: Redirect requests to a new target, to cope with moved apps.

ThreadFix: Provides an interface to the ThreadFix vulnerability management platform.

Token Extractor: Extract tokens from responses and use these in future requests.

Token Incrementor: Increment a token in each request. Useful for parameters like username that must be unique.

TokenJar: Manages tokens and updates request parameters with current values.

Turbo Intruder: Send large numbers of HTTP requests and analyze the results.

Upload Scanner: Test file uploads with payloads embedded in meta data for various file formats.

UUID Detector: Passively reports UUID/GUIDs observed within HTTP requests.

WAF Cookie Fetcher: Fetches JavaScript cookies into the Burp cookie jar; useful to handle WAFs.

WAFDetect: Passively detects web application firewalls from HTTP responses.

Wayback Machine: Generate a sitemap using Wayback Machine.

WCF Deserializer: Allows Burp to view and modify binary SOAP objects.

Web Cache Deception Scanner: Detect web cache misconfigurations with Burp.

WebInspect Connector: Integrates Burp with HP WebInspect.

WebSphere Portlet State Decoder: Displays information about IBM WebSphere Portlet state.

What-The-WAF: Extends Intruder to aid in testing Web Application Firewalls.

Wordlist Extractor: Scrapes all unique words and numbers for use with password cracking.

WordPress Scanner: Find known vulnerabilities in WordPress plugins and themes using WPScan database.

WSDL Wizard: Scans a target server for WSDL files.

Wsdler: Parses WSDL files and generates SOAP requests to the enumerated endpoints.

XChromeLogger Decoder: Adds a new HTTP message editor tab to display X-ChromeLogger-Data in decoded form.

XSS Validator: Sends responses to a locally-running XSS-Detector server.

Yara: Integrates Yara scanner into Burp Suite.
