- You can double-click a tab in the Repeater to rename it.
- Use the Decoder more often: it is built into Burp Suite and you can easily chain decodings.
- Want to test something with the Intruder but the payload is base64 encoded? Go to “Intruder > Payloads”, scroll down until you reach “Payload processors”, and add your own rules there.
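The two tips above are mirror images of each other: a payload processor applies an encoding chain to every Intruder payload, and the Decoder unwraps such a chain one layer at a time. The following is an added example, not code from the page or from Burp Suite, that models both sides in plain Python: `encode_chain` applies a list of processing steps in order, and `decode_chain` detects and strips URL, hex and base64 layers until only printable text remains. The sample value `INNER` and the heuristics for spotting each encoding are constructed for the demo.

```python
import base64
import re
from urllib.parse import quote, unquote

# Encoders in the order an Intruder "payload processing" rule list would apply them.
ENCODERS = {
    "url": lambda s: quote(s, safe=""),
    "hex": lambda s: s.encode("utf-8").hex(),
    "base64": lambda s: base64.b64encode(s.encode("utf-8")).decode("ascii"),
}

# (name, detector, decoder) tried in this order; hex is checked before base64 because
# every hex string is also valid base64 alphabet, but not the other way round.
DECODERS = [
    ("url",
     lambda s: re.search(r"%[0-9A-Fa-f]{2}", s) is not None,
     unquote),
    ("hex",
     lambda s: len(s) >= 4 and len(s) % 2 == 0 and re.fullmatch(r"[0-9A-Fa-f]+", s) is not None,
     lambda s: bytes.fromhex(s).decode("utf-8")),
    ("base64",
     lambda s: len(s) >= 4 and len(s) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", s) is not None,
     lambda s: base64.b64decode(s, validate=True).decode("utf-8")),
]


def encode_chain(value, steps):
    """Apply the named processing steps left to right, like a payload processor rule list."""
    for step in steps:
        value = ENCODERS[step](value)
    return value


def decode_once(value):
    """Strip one layer if a decoder both recognises the text and yields printable output."""
    for name, detect, decode in DECODERS:
        if not detect(value):
            continue
        try:
            out = decode(value)
        except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
            continue  # looked like this encoding but was not; try the next candidate
        if out != value and out.isprintable():
            return name, out
    return None, value


def decode_chain(value, max_steps=10):
    """Unwrap nested encodings outermost first; returns (plain_text, layers_removed)."""
    steps = []
    for _ in range(max_steps):
        name, nxt = decode_once(value)
        if name is None:
            break
        steps.append(name)
        value = nxt
    return value, steps


# Constructed sample: a parameter string wrapped in base64, then URL-encoded, then base64 again.
INNER = "user=alice&role=viewer"
SAMPLE = encode_chain(INNER, ["base64", "url", "base64"])

if __name__ == "__main__":
    print(SAMPLE)
    print(decode_chain(SAMPLE))  # ('user=alice&role=viewer', ['base64', 'url', 'base64'])
```

The detectors are deliberately conservative (a decode is only accepted when the result is printable), which is the same trade-off Decoder's smart decode makes: a short word such as `user` is valid base64 alphabet but decodes to garbage, so it is left alone.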
- Sometimes clients ask you to always send a custom header with every request, so they can use it for logging and monitoring purposes. (We don’t want to wake up the sysadmin at 4 AM because we are detected and trigger alarm bells during a pentest, for example.) Use the “Add Custom Header” extension for this.
- If you have to rate-limit all the tools in Burp Suite and want to make sure you do it evenly, use the “Distribute Damage” BApp extension.
- Go to “Proxy > Options” and scroll down until you find the response modification settings. Tick “Unhide hidden fields”, “Highlight prominently”, “Enable disabled fields” and “Remove input length limits”. These are all front-end protections built to protect the user from their own stupidity. We are attacking back-ends here.
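The reason those response modifications are fair game is that `hidden`, `disabled` and `maxlength` only exist in the browser: once the markup is edited or the request is replayed from the Repeater, the back end sees whatever was typed. The added example below (not from the page or from Burp) shows the defender's side of that tip: a constructed order form with all three front-end restrictions, a `naive_total` that trusts what the browser sent, and a `validate_order` handler that enforces the same limits server-side, reads the price from its own catalogue instead of the hidden field, and only honours the `discount` field for sessions that are allowed to use it. The form markup, catalogue and session shape are all assumptions for the demo.

```python
from decimal import Decimal, InvalidOperation

# Constructed front-end markup: every restriction here can be removed by the client.
FORM_HTML = """
<input type="text"   name="qty"      maxlength="2">
<input type="text"   name="discount" disabled value="0">
<input type="hidden" name="price"    value="19.99">
<input type="hidden" name="sku"      value="sku-100">
"""

# Constructed server-side price list; the hidden "price" field is never trusted.
CATALOGUE = {"sku-100": Decimal("19.99")}


class ValidationError(ValueError):
    """Raised when a submission violates a rule the front end was only hinting at."""


def naive_total(form):
    """Trusts every submitted field: maxlength, disabled and hidden are assumed to hold."""
    discount = Decimal(form.get("discount", "0"))
    return Decimal(form["price"]) * int(form["qty"]) * (1 - discount / 100)


def validate_order(form, session):
    """Re-checks every front-end restriction on the server and ignores client-supplied prices."""
    allowed = {"sku", "qty", "discount", "price"}
    extra = set(form) - allowed
    if extra:
        raise ValidationError(f"unexpected fields: {sorted(extra)}")

    sku = form.get("sku")
    if sku not in CATALOGUE:
        raise ValidationError("unknown sku")

    # maxlength="2" is a usability hint; the real bound lives here.
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValidationError("qty must be an integer")
    if not 1 <= qty <= 99:
        raise ValidationError("qty out of range")

    # The field is rendered disabled for ordinary users; re-enabling it must not grant anything.
    discount = Decimal(0)
    if "discount" in form:
        if not session.get("staff"):
            raise ValidationError("discount not permitted for this session")
        try:
            discount = Decimal(form["discount"])
        except InvalidOperation:
            raise ValidationError("discount must be numeric")
        if not 0 <= discount <= 100:
            raise ValidationError("discount out of range")

    # The hidden "price" field is ignored entirely; the catalogue is authoritative.
    price = CATALOGUE[sku]
    total = (price * qty * (1 - discount / 100)).quantize(Decimal("0.01"))
    return {"sku": sku, "qty": qty, "total": total}


def order_outcome(form, session):
    """Convenience wrapper returning ('ok', result) or ('rejected', reason)."""
    try:
        return "ok", validate_order(form, session)
    except ValidationError as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    tampered = {"sku": "sku-100", "qty": "3", "price": "0.01"}
    print("naive:", naive_total(tampered))          # 0.03, the client's price won
    print("validated:", order_outcome(tampered, {}))  # server price, 59.97
```

When reviewing an application, the interesting question is not whether the hidden or disabled field can be changed (it always can) but whether the handler behaves like `naive_total` or like `validate_order` when it is.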
- Testing multiple mobile devices? Set up multiple proxies and connect every device to its own proxy. You can later filter this traffic per proxy in the HTTP history
- Use advanced scope control where possible: it allows you to define regex patterns instead of entering each URL individually. Be mindful that this is allowed, though, and make sure to ask your client.
- Always use Retire.js, but make sure to verify any potential exploits.
- Install the sqlmap extension to run it straight from within Burp and aggregate your results in one tool.
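The caveat in that tip has a concrete cause: a host regex that is not anchored matches anywhere in the hostname, so a pattern meant for `example.com` also puts lookalike hosts such as `example.com.other.test` in scope. The added example below, which is not from the page or from Burp, models an advanced scope rule as a dictionary of `protocol`, `host` regex, `port` and `file` regex (the same four parts Burp's advanced scope uses) and evaluates URLs against a loose and a tight rule set. It assumes search rather than full-match semantics for the regexes, so `^` and `$` are what make the tight rule safe; the hostnames and rules are constructed for the demo.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def in_scope(url, rules):
    """True if any rule matches the URL; empty rule parts match everything."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    path = parts.path or "/"
    for rule in rules:
        if rule.get("protocol") and rule["protocol"] != parts.scheme:
            continue
        if rule.get("port") and rule["port"] != port:
            continue
        # Regexes are searched, not full-matched: an unanchored host pattern is a substring test.
        if re.search(rule.get("host", ""), host) is None:
            continue
        if re.search(rule.get("file", ""), path) is None:
            continue
        return True
    return False


def overreach(url, loose_rules, tight_rules):
    """True when the loose rule set admits a URL the tight one rejects."""
    return in_scope(url, loose_rules) and not in_scope(url, tight_rules)


# Constructed rule sets: the first is what a hurried "example\.com" entry gives you,
# the second anchors the host, pins the protocol and restricts the path.
LOOSE = [{"host": r"example\.com"}]
TIGHT = [{"protocol": "https", "host": r"^(.+\.)?example\.com$", "file": r"^/api/"}]

if __name__ == "__main__":
    for url in ("https://api.example.com/api/v1/users",
                "https://example.com.other.test/api/",
                "http://api.example.com/api/v1/users",
                "https://notexample.com/api/"):
        print(url, "loose:", in_scope(url, LOOSE), "tight:", in_scope(url, TIGHT))
```

Running it shows the loose rule admitting both lookalike hosts while the tight rule only admits the real subdomain over HTTPS under `/api/`; that difference is exactly what needs to be agreed with the client before a regex scope is used.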