Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.

Awesome Burp Suite Resources. 400+ open source Burp plugins, 400+ posts and videos.

HopLa Burp Suite Extender plugin - Brings AI capabilities, autocompletion support, and a set of useful payloads to Burp Suite

Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more

Hands-on projects for beginners to learn and practice essential cybersecurity skills through security assessments.

Weaponize Your Burp is a repository for automation your Bug Bounty Hunting mindset in Burp Suite

Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage.

Cheatsheet, Notes, Payloads and Mayhem for Burp Suite Practitioner Exam (BSCP)

Beginner-friendly web penetration testing projects for hands-on learning.

Lightweight BApp that seamlessly integrates powerful LLM-scanning capabilities into Burp's built-in Scanner with improved accuracy. Supports the latest LLMs from OpenAI (gpt-4o, o1), Anthropic (Claude 3.5, Claude 3), and Google (Gemini 1.5). Requires valid API key(s) and an active Burp Suite Pro or Enterprise license.

AI-powered vulnerability scanner extension for Burp Suite with multi-provider support (Ollama, OpenAI, Claude, Gemini)

All Apprentice and Practitioner-level Portswigger labs

A powerful Burp Suite extension that automatically detects JavaScript URLs from HTTP traffic, scans them using TruffleHog for secrets detection, and sends findings to Discord webhooks in real-time.

Battle Cats MITM Mailbox Hack

A universal MCP client with proxying feature to interact with MCP Servers which support STDIO transport.

A Collection of penetration testing and Linux administration commands in PDFs. Include's detailed guides on tools like Nmap, Sqlmap, Hydra, and Linux system management etc..

🐐 GoatOS - A lightweight Linux distribution focused on Web & API penetration testing. Built on Debian with GNOME, featuring nuclei, httpx, ffuf, Burp Suite, and curated tools. Unlike Kali/Parrot, we focus exclusively on web security.

Dual-component security testing tool for bypassing WAFs, CAPTCHAs, and anti-bot protections. Chrome extension records HTTP traffic during manual browser interaction. Burp Suite extension imports HAR files and extracted cookies for automated bug bounty and penetration testing workflows.

🛡️AI-Powered Penetration Testing Platform with intelligent filtering, automated vulnerability testing, and Burp-style request inspector

HTTP session viewer