Burp Suite is a great tool for bug bounty and general security testing. Given the wide range of available plugins, we have launched a series called “PimpMyBurp” to present our selection of Burp Suite extensions. These last few weeks, we have selected 17 Burp Suite addons that caught our attention and certainly deserve yours.

Let’s be honest: these extensions will not do everything for you, nor will they make you rich in the blink of an eye. However, they will certainly make your daily life as a Bug Hunter (so much) easier, especially because they are really convenient! Many of them can be used to do one-click actions such as sending requests to ffuf or sqlmap directly, analysing JavaScript… and more.

The following extensions are all very useful and complementary, so we decided to cover them in a single dedicated article rather than detailing each one separately. If you think I’ve forgotten some essential addons (and I probably did), feel free to ping me on Twitter.

Addons to write your requests faster

BurpSuiteAutoCompletion & HopLa: autocompletion for headers & payloads

These two plugins are very similar, but both help when you want to save time writing requests and crafting payloads and headers more easily.

BurpSuiteAutoCompletion was the first addon (if I remember correctly) to integrate autocompletion for headers in the Repeater tab and in Intruder too.

A few days ago, a new plugin (inspired by BurpSuiteAutoCompletion) was released by Synacktiv. Called HopLa, this extension also adds autocompletion for payloads.

Writing GraphQL requests can be challenging, even more so when you have mutations. In my last article about GraphQL exploitation, I told you about InQL, and it is thus quite naturally that this extension finds its place here.

InQL allows you to perform Introspection, and if it’s available, you will have all Mutations and Queries integrated in Burp Suite. You can then define a specific authorization header, and it’s also possible to use a local web interface to build your GraphQL requests.