Introduction

When you buy the Burp Suite Professional edition, it unlocks several possibilities in terms of the extensions we can use. Some of the Professional-only extensions can be extremely useful for bug bounty hunters and pentesters alike, so I've taken the time to go through a few of them for you. They are not ranked in any order; these are simply the 5 extensions I would always have installed.

ActiveScan++

ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead, it identifies application behaviour that may be of interest to advanced testers:

It also adds checks for the following issues:

It also provides insertion points for HTTP basic authentication. To invoke these checks, just run a normal active scan. The Host header checks tamper with the Host header, which may result in requests being routed to different applications on the same host. Exercise caution when running this scanner against applications in a shared hosting environment: these checks are invasive and can unintentionally modify data belonging to other tenants of that host.

CSRF scanner

This extension passively scans for CSRF vulnerabilities. It does return a lot of false positives, because a passive check can only look at what is in the request (a state-changing method, a session cookie, and the absence of anything that looks like a token or a custom header), but it beats having to check CSRF manually on every target for every piece of functionality.
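To make concrete what a passive CSRF check can and cannot see, here is an added example of that kind of heuristic over raw HTTP requests. It is not the extension's own code; the token parameter names, the custom-header list and the sample requests are all assumptions constructed for the example. The "false positive" behaviour is visible in the code: a SameSite cookie policy or a token carried under an unusual parameter name is invisible to it, so it will flag such requests anyway.

```python
"""Passive CSRF heuristic over raw HTTP requests (added example, not ActiveScan++/CSRF-scanner code)."""
import re
from urllib.parse import parse_qs

# Parameter names commonly used for anti-CSRF tokens (assumed list, not exhaustive).
TOKEN_NAME_RE = re.compile(r"(csrf|xsrf|_token|authenticity|nonce|antiforgery)", re.I)
# Custom headers a browser will not add to a cross-site form post (assumed list).
CUSTOM_HEADERS = {"x-csrf-token", "x-xsrf-token", "x-requested-with"}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
# Content types a cross-site <form> can produce without a CORS preflight.
FORM_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain", ""}


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, path, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def looks_like_token(value: str) -> bool:
    """Crude check: anti-CSRF tokens are long, opaque strings, not short words."""
    return len(value) >= 16 and re.fullmatch(r"[A-Za-z0-9_\-=./+]+", value) is not None


def check_csrf(raw: str):
    """Return None if the request looks protected or out of scope, else a finding string.

    Only what is in the request is inspected. SameSite cookie attributes, Origin/Referer
    validation on the server, or tokens under unusual names are not visible here, which is
    exactly why a passive check of this kind produces false positives.
    """
    method, path, headers, body = parse_request(raw)
    if method not in STATE_CHANGING:
        return None  # assume GET/HEAD/OPTIONS do not change state
    if "cookie" not in headers:
        return None  # no ambient credentials, so a forged cross-site request gains nothing
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in FORM_TYPES:
        return None  # e.g. application/json cannot be sent cross-site by a plain form
    if CUSTOM_HEADERS & set(headers):
        return None  # a custom header forces a preflight, which a forged form cannot pass
    params = parse_qs(body, keep_blank_values=True) if ctype == "application/x-www-form-urlencoded" else {}
    for name, values in params.items():
        if TOKEN_NAME_RE.search(name) and any(looks_like_token(v) for v in values):
            return None
    return f"{method} {path}: state-changing form request with session cookie and no anti-CSRF token or custom header"


def scan(requests):
    """Run the heuristic over a list of raw requests and return the findings."""
    return [f for f in (check_csrf(r) for r in requests) if f is not None]


# Constructed sample requests (not real traffic).
UNPROTECTED_POST = (
    "POST /account/email HTTP/1.1\r\nHost: shop.example\r\n"
    "Cookie: session=abc123\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n"
    "email=attacker%40evil.example"
)
PROTECTED_POST = UNPROTECTED_POST + "&csrf_token=9f2c4e8a1b7d6c3e5f0a2b4c6d8e1f3a"
PLAIN_GET = "GET /account HTTP/1.1\r\nHost: shop.example\r\nCookie: session=abc123\r\n\r\n"
JSON_POST = (
    "POST /api/email HTTP/1.1\r\nHost: shop.example\r\nCookie: session=abc123\r\n"
    "Content-Type: application/json\r\n\r\n{\"email\":\"x@evil.example\"}"
)

if __name__ == "__main__":
    for finding in scan([UNPROTECTED_POST, PROTECTED_POST, PLAIN_GET, JSON_POST]):
        print(finding)
```

Run as-is, only the first sample is reported. Note that the JSON request is skipped purely because of its content type; if the server also accepts `text/plain` bodies for the same endpoint, that request is vulnerable in practice, which is the kind of case a passive check misses and a manual retest should cover.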

J2EE scanner

We sometimes encounter J2EE applications in the wild. They require a different approach from our usual scanning methods, which is why this extension was made: it uses scanning techniques that identify vulnerabilities in J2EE applications the normal scanner cannot.

Test cases: