Installing third-party apps using Burp Extender

Before I start on this section, I would like to inform you that I did not include the Sequencer, Decoder, and Comparer tabs in this chapter. In fact, I excluded them on purpose, because their usage is very straightforward. You will rarely use them in your daily career, so why waste your time?

Burp Extender is an important tab; it will allow you to include additional, powerful functionalities in Burp. For example, if you want to add the functionality to scan for outdated JavaScript libraries, then you can install the module Retire.js, and it will do the work for you. There is a tool for every need: WAF, errors, Java, .NET, SQLi, XSS, and so on.

Before starting to use the BApp Store, you will need to download the Jython standalone JAR from: http://www.jython.org/downloads.html.

Jython is an implementation of Python that runs on the Java Virtual Machine. Some extensions are written in Python rather than Java, and Burp needs Jython to load them, so it's a prerequisite for those apps to work. After downloading the file, go to the Extender/Options tab and, under Python Environment, enter the path where you copied the downloaded file:
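To show what Jython is actually needed for, here is an added example (not from the book, and not the Retire.js code) of the shape a Python extension takes: a minimal passive scanner check that flags script references to old library versions. The version thresholds are constructed samples, and the Burp interfaces are stubbed when the `burp` package is absent so the check itself can be tested outside Burp.

```python
# Added example (not from the book): a minimal passive scanner check in the
# shape of a Burp Jython extension, flagging script tags that reference old
# library versions, in the spirit of Retire.js. Runs under Jython 2.7 inside
# Burp; outside Burp the Burp interfaces are stubbed so the check is testable.
import re

# Constructed sample thresholds, NOT Retire.js's vulnerability database:
# versions below these are reported as outdated.
MIN_VERSION = {"jquery": (3, 5, 0), "angular": (1, 8, 0)}
LIB_RE = re.compile(r'(?i)\b(jquery|angular)[.-](\d+)\.(\d+)\.(\d+)(?:\.min)?\.js\b')

def find_outdated_libs(body):
    """Return [(library, 'x.y.z')] for each script reference older than MIN_VERSION."""
    hits = []
    for m in LIB_RE.finditer(body):
        lib = m.group(1).lower()
        version = tuple(int(x) for x in m.groups()[1:])
        if version < MIN_VERSION[lib]:
            hits.append((lib, ".".join(str(x) for x in version)))
    return hits

try:
    from burp import IBurpExtender, IScannerCheck   # available only inside Burp
except ImportError:
    class IBurpExtender(object): pass               # stubs for running outside Burp
    class IScannerCheck(object): pass

class BurpExtender(IBurpExtender, IScannerCheck):
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Outdated JS library check (example)")
        callbacks.registerScannerCheck(self)   # hook into passive scanning

    def doPassiveScan(self, baseRequestResponse):
        response = baseRequestResponse.getResponse()
        if response is None:
            return None
        body = self._helpers.bytesToString(response)
        url = self._helpers.analyzeRequest(baseRequestResponse).getUrl()
        for lib, version in find_outdated_libs(body):
            # Alerts tab entry; a full IScanIssue would add it to the issue list
            self._callbacks.issueAlert("%s %s referenced by %s" % (lib, version, url))
        return None   # no IScanIssue objects created in this minimal example

    def doActiveScan(self, baseRequestResponse, insertionPoint):
        return None   # passive-only check

    def consolidateDuplicateIssues(self, existingIssue, newIssue):
        return 0
```

Loaded through Extender/Extensions with type Python, the extension registers itself and reports findings in the Alerts tab during passive scanning.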

To install your favorite app, go to the BApp Store tab and pick the application that fits your needs, then click on the Install button to install it. Sometimes, it takes a few seconds to install the app, so be patient. Some applications will inject an additional tab in Burp, so you will be able to configure it and manage the results at the same time:

I use these apps a lot, and I thought I should share a list of my favorite ones:

  • Active Scan ++
  • Additional Scanner Checks
  • Backslash Powered Scanner
  • CO2
  • Error Message Checks
  • JSON Beautifier
  • Random IP Address Header
  • Retire.js
  • Scan manual insertion point
  • SQLiPy
  • WAFDetect
  • Wordlist Extractor

If you see an error like java.lang.OutOfMemoryError: PermGen space, you can fix it by starting Burp with the following command (Java 8 and later removed the permanent generation, so this flag only applies to older Java versions):

java -XX:MaxPermSize=1G -jar [burp_file_name.jar]