# Burp Suite Tips and Tricks

* <https://twitter.com/jon_bottarini/status/1140700782343278592> - Match and Replace
  * <https://twitter.com/intigriti/status/1192103070072741894> - Additional
  * How I was able to access a disabled/hidden feature with the help of the Burp Suite Match and Replace feature [#bugbountytip](https://twitter.com/hashtag/bugbountytip?src=hashtag_click) [#bugbounty](https://twitter.com/hashtag/bugbounty?src=hashtag_click): [Getting access to disabled/hidden features with the help of Burp Match and Replace](https://t.co/q6O93zv2uu?amp=1) (medium.com)
* <https://twitter.com/Regala_/status/1032563800405360640> - Find References
* Favourite Plugins - <https://twitter.com/intigriti/status/1093128957921251328>
* <https://twitter.com/trimstray/status/1088019484118528000>
* Burp Hacks - <https://www.youtube.com/watch?v=boHIjDHGmIo>
* <https://twitter.com/trimstray/status/1068095885026955264>
* <https://portswigger.net/research/adapting-burp-extensions-for-tailored-pentesting>
* <https://twitter.com/Gamliel_InfoSec/status/1162126101868679173> - If you see a piece of junk information in the Request/Response body, don't forget to go to the Proxy > Options tab and ✅ "Unpack gzip/deflate in Resp/Req" (by default they aren't marked).
* <https://twitter.com/ranjit_pahan/status/1126191087331053568>
* Favourite plugins - <https://twitter.com/nnwakelam/status/1162453221027307525>
* <https://twitter.com/gwendallecoguic/status/1138383809106391040> - Burp Collaborator
* <https://parsiya.net/blog/2019-10-13-quality-of-life-tips-and-tricks-burp-suite/>
* <https://twitter.com/Dinosn/status/1212706039553908737>
* <https://twitter.com/Agarri_FR/status/1217148102366388226>
* <https://twitter.com/fs0c131y/status/1221717980322631681> - Favourite Extensions
* <https://twitter.com/fasthm00/status/1228118057144537088>
* <https://www.coalfire.com/Solutions/Coalfire-Labs/The-Coalfire-LABS-Blog/june-2018/protips-testing-applications-using-burp-and-more>
* <https://portswigger.net/blog/burps-new-crawler>
* <https://twitter.com/Unknownuser1806/status/1225698253867405315> - Extension
* Burp Extensions - <https://twitter.com/search?q=Burp%20Extensions%20%23bugbounty&src=typed_query>
* <https://github.com/elespike/burp-cph>
* <https://vdalabs.com/2020/05/08/burpsuite-extensions-some-favorites/>
* [Are you using @Burp\_Suite with @firefox and don't want to see the http://detectportal.firefox.com requests? Try these steps: https://twitter.com/firefox/status/841843869205598208](https://twitter.com/vahidnameni/status/1031513363476635650)
* <https://portswigger.net/blog/burp-suite-tips-from-power-user-and-hackfluencer-stok>

Just released my first [@Burp\_Suite](https://twitter.com/Burp_Suite) plugin. If you use multiple browsers through burp, check this out: [aurainfosec/burp-multi-browser-highlighting: Highlight Burp proxy requests made by different browsers](https://t.co/vT3OdoCcMq?amp=1) (github.com)

Automating Web Apps Input fuzzing via [#Burp](https://twitter.com/hashtag/Burp?src=hashtag_click) Macros [http://blog.securelayer7.net/automating-web-apps-input-fuzzing-via-burp-macros/](https://t.co/I9ICql6YAm?amp=1)

Blog post: [Turbo Intruder: Embracing the billion-request attack | PortSwigger Research](https://t.co/Z1qu1cYAxC?amp=1) (portswigger.net)

Need to import multiple URLs into Burp Suite - <https://twitter.com/search?q=parallell%20bugbountytip&src=typed_query>

```
cat yahoourls.txt | parallel -j 10 curl --proxy http://127.0.0.1:8080 -sk > /dev/null
```

[D Ξ Ξ P Λ K @1m4xx0](https://twitter.com/1m4xx0) · [Oct 10, 2019](https://twitter.com/1m4xx0/status/1182007481574146048): One liner to import whole list of subdomains into Burp suite for automated scanning! `cat <file-name> | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s` [#bugbountytips](https://twitter.com/hashtag/bugbountytips?src=hashtag_click) [#bugbounty](https://twitter.com/hashtag/bugbounty?src=hashtag_click) [#bugbountytip](https://twitter.com/hashtag/bugbountytip?src=hashtag_click)

{% embed url="<https://github.com/Static-Flow/BurpSuite-Team-Extension>" %}

* <https://github.com/thegsoinfosec/BurpSuite_payloads>

{% embed url="<https://twitter.com/harshbothra_/status/1299720306777415680?s=20>" %}

{% embed url="<https://twitter.com/tvmpt/status/1179154424708685824>" %}

* [urlgrab --url SITE\_HERE.com --ignore-ssl --proxy socks5://127.0.0.1:8080](https://twitter.com/DevinStokes/status/1280633964147834880?s=20)

{% embed url="<https://twitter.com/Alra3ees/status/1312267528434061312?s=20>" %}


* <https://github.com/allyomalley/BurpParamFlagger/>

{% embed url="<https://twitter.com/an0nud4y/status/1441259424526397450?s=20>" %}

{% embed url="<https://twitter.com/codingo_/status/1356023836374757379?s=20>" %}

{% embed url="<https://twitter.com/NahamSec/status/1390027698571939841?s=20>" %}

{% embed url="<https://twitter.com/sillydadddy/status/1392824042042781697?s=20>" %}

{% embed url="<https://twitter.com/codingo_/status/1394276284889370625?s=20>" %}

{% embed url="<https://twitter.com/KathanP19/status/1393193575609892869?s=20>" %}

{% embed url="<https://twitter.com/ADITYASHENDE17/status/1296820434613149697?s=20>" %}

{% embed url="<https://twitter.com/tbbhunter/status/1398350393755701250?s=20>" %}

{% embed url="<https://twitter.com/PortSwigger/status/1400824159073042433?s=20>" %}

* <https://github.com/JGillam/burp-paramalyzer>
* <https://github.com/Hxzeroone/quoted-printable-Parser>

