# Burp Suite Tips and Tricks

* <https://twitter.com/jon_bottarini/status/1140700782343278592> - Match and Replace
  * <https://twitter.com/intigriti/status/1192103070072741894> - Additional
  * How was I able to access a disabled/hidden feature with the help of the Burp Suite Match and Replace feature [#bugbountytip](https://twitter.com/hashtag/bugbountytip?src=hashtag_click) [#bugbounty](https://twitter.com/hashtag/bugbounty?src=hashtag_click) - [Getting access to disabled/hidden features with the help of Burp Match and Replace (medium.com)](https://t.co/q6O93zv2uu?amp=1)
* <https://twitter.com/Regala_/status/1032563800405360640> - Find References
* Favourite Plugins - <https://twitter.com/intigriti/status/1093128957921251328>
* <https://twitter.com/trimstray/status/1088019484118528000>
* Burp Hacks - <https://www.youtube.com/watch?v=boHIjDHGmIo>
* <https://twitter.com/trimstray/status/1068095885026955264>
* <https://portswigger.net/research/adapting-burp-extensions-for-tailored-pentesting>
* <https://twitter.com/Gamliel_InfoSec/status/1162126101868679173> - If you see a piece of junk information in the Request/Response body, don't forget to go to the Proxy > Options tab and ✅ "Unpack gzip/deflate in Resp/Req" (by default they aren't marked).
* <https://twitter.com/ranjit_pahan/status/1126191087331053568>
* Favourite plugins - <https://twitter.com/nnwakelam/status/1162453221027307525>
* <https://twitter.com/gwendallecoguic/status/1138383809106391040> - Burp Collaborator
* <https://parsiya.net/blog/2019-10-13-quality-of-life-tips-and-tricks-burp-suite/>
* <https://twitter.com/Dinosn/status/1212706039553908737>
* <https://twitter.com/Agarri_FR/status/1217148102366388226>
* <https://twitter.com/fs0c131y/status/1221717980322631681> - Favourite Extensions
* <https://twitter.com/fasthm00/status/1228118057144537088>
* <https://www.coalfire.com/Solutions/Coalfire-Labs/The-Coalfire-LABS-Blog/june-2018/protips-testing-applications-using-burp-and-more>
* <https://portswigger.net/blog/burps-new-crawler>
* <https://twitter.com/Unknownuser1806/status/1225698253867405315> - Extension
* Burp Extensions - <https://twitter.com/search?q=Burp%20Extensions%20%23bugbounty&src=typed_query>
* <https://github.com/elespike/burp-cph>
* <https://vdalabs.com/2020/05/08/burpsuite-extensions-some-favorites/>
* [Are you using @Burp\_Suite with @firefox and don't want to see the http://detectportal.firefox.com requests? Try these steps: https://twitter.com/firefox/status/841843869205598208](https://twitter.com/vahidnameni/status/1031513363476635650)
* <https://portswigger.net/blog/burp-suite-tips-from-power-user-and-hackfluencer-stok>

Just released my first [@Burp\_Suite](https://twitter.com/Burp_Suite) plugin. If you use multiple browsers through burp, check this out: [aurainfosec/burp-multi-browser-highlighting](https://t.co/vT3OdoCcMq?amp=1) - Highlight Burp proxy requests made by different browsers (github.com)

Automating Web Apps Input fuzzing via [#Burp](https://twitter.com/hashtag/Burp?src=hashtag_click) Macros [http://blog.securelayer7.net/automating-web-apps-input-fuzzing-via-burp-macros/](https://t.co/I9ICql6YAm?amp=1)

Blog post: [Turbo Intruder: Embracing the billion-request attack | PortSwigger Research](https://t.co/Z1qu1cYAxC?amp=1)

Need to import multiple URLs into Burp Suite - <https://twitter.com/search?q=parallell%20bugbountytip&src=typed_query>

```bash
cat yahoourls.txt | parallel -j 10 curl --proxy http://127.0.0.1:8080 -sk > /dev/null
```

[D Ξ Ξ P Λ K @1m4xx0](https://twitter.com/1m4xx0) · [Oct 10, 2019](https://twitter.com/1m4xx0/status/1182007481574146048): One liner to import whole list of subdomains into Burp suite for automated scanning! `cat <file-name> | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s` [#bugbountytips](https://twitter.com/hashtag/bugbountytips?src=hashtag_click) [#bugbounty](https://twitter.com/hashtag/bugbounty?src=hashtag_click) [#bugbountytip](https://twitter.com/hashtag/bugbountytip?src=hashtag_click)

{% embed url="<https://github.com/Static-Flow/BurpSuite-Team-Extension>" %}

* <https://github.com/thegsoinfosec/BurpSuite_payloads>

{% embed url="<https://twitter.com/harshbothra_/status/1299720306777415680?s=20>" %}

{% embed url="<https://twitter.com/tvmpt/status/1179154424708685824>" %}

* [urlgrab --url SITE\_HERE.com --ignore-ssl --proxy socks5://127.0.0.1:8080](https://twitter.com/DevinStokes/status/1280633964147834880?s=20)

{% embed url="<https://twitter.com/Alra3ees/status/1312267528434061312?s=20>" %}

![](https://3284959579-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LmdDaax1PAvLD05wJYt%2F-MWEHl-RsZEsjrS0h3IT%2F-MWEI-xhECOM1fvQSrS9%2Fimage.png?alt=media\&token=1108fb1b-55e3-48db-94f0-45c603811188)

* <https://github.com/allyomalley/BurpParamFlagger/>

{% embed url="<https://twitter.com/an0nud4y/status/1441259424526397450?s=20>" %}

{% embed url="<https://twitter.com/codingo_/status/1356023836374757379?s=20>" %}

{% embed url="<https://twitter.com/NahamSec/status/1390027698571939841?s=20>" %}

{% embed url="<https://twitter.com/sillydadddy/status/1392824042042781697?s=20>" %}

{% embed url="<https://twitter.com/codingo_/status/1394276284889370625?s=20>" %}

{% embed url="<https://twitter.com/KathanP19/status/1393193575609892869?s=20>" %}

{% embed url="<https://twitter.com/ADITYASHENDE17/status/1296820434613149697?s=20>" %}

{% embed url="<https://twitter.com/tbbhunter/status/1398350393755701250?s=20>" %}

{% embed url="<https://twitter.com/PortSwigger/status/1400824159073042433?s=20>" %}

* <https://github.com/JGillam/burp-paramalyzer>
* <https://github.com/Hxzeroone/quoted-printable-Parser>
