A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

Install and run GNU/Linux on Android

Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules thro…

The new bridge between Burp Suite and Frida!

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

A byte code analyzer for finding deserialization gadget chains in Java applications

All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities

Finds unknown classes of injection vulnerabilities

Advanced Burp Suite Logging Extension

Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://ecl…

Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).

A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator

Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"

JWT Support for Burp

A static byte code analyzer for Java deserialization gadget research

Security checks pack for Burp Suite

A Burp Extension to test applications for vulnerability to the Web Cache Deception attack

The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters