

You should have noticed the pun in this post title 😉. That's right, some powerful Burp Suite extensions can make the free community edition as good as the Burp Pro version. Knowing how to use those extensions will make you feel like a pro.

Turbo Intruder is one of the most (if not the most) popular Burp extensions. Basically, anyone who knows Burp extensions should have heard the name Turbo Intruder. The Burp Suite community edition comes with a "lite" version of Burp Intruder. The first impression of this community edition Intruder is that it has a really low RPS (requests per second). The time you wait for a 1000-request brute-forcing attack to finish can make you grow some gray hair, slow and anxious. Meanwhile, the Burp Pro version provides a Burp Intruder with decent speed, which is suitable for daily usage. However, Turbo Intruder is a beast on another level. To be honest, I have never once hit its full speed and I don't know how fast it can truly go.

Another highlight of Turbo Intruder is the customization. It supports Python scripts, which makes it flexible. You can modify any parameters you want or add additional steps in the script to fit your needs. Personally, I find it's pretty handy for testing race conditions. Turbo Intruder will let you forget about the Burp Intruder in the Burp Pro version.

After a session of testing, you may already have collected hundreds of requests and responses in Logger or HTTP history. Sometimes, you need to search for a specific request with a certain parameter in the request URI path or a specific request with a certain value in the response.

It's clearly not an option to go through all the requests and check them one by one.

Missing the search function is a big deal in the Burp Suite community edition. Logger++ provides enhanced search functionality.

Among all the features in Logger++, I find its grep tool the most useful. As the name suggests, you can "grep" logs for matching patterns. If you are using Logger++ already, I'm pretty sure you won't open Burp Logger anymore, and you won't mind using the search functionality in the Burp Pro version either.

The Burp Collaborator is a killer tool in the Burp Pro version. It's valuable for testing OOB (out-of-band) interactions, or generating temporary email addresses.

Don't be sad yet if you cannot use Collaborator in the community edition. Because if you know the interactsh-collaborator extension, you won't miss a thing. Interactsh Collaborator provides a good alternative, based on interactsh-client. It offers the same functionalities as the Burp Collaborator does.

Last but not least, another feature in Burp Pro you may need is "Generate CSRF PoC".
