Burp Suite Pro is our tool of choice for web application pentesting. We use it for manual work, but we also like its powerful scanner. However, we usually prefer to use the scanner surgically: scanning only one specific parameter at a time (called an "insertion point").
This feature is available by sending any request to the Intruder tool, selecting the parameter with the § markers, and using this little-known context menu item:
But I found this process tedious, so I decided to create a simple but convenient Burp extension that does the same thing: just select an area in any request, from any Burp tool (without having to send it to the Intruder), and use this new context menu item:
The extension is available for both the free and Pro editions, in the online BApp Store or directly from within Burp:
As with every Burp extension, the source code is available on Github:
- PortSwigger's forked repository (used to build the binary distributed through the store)
- Original repository (used for development)
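To illustrate how such an extension works under the hood, here is an added example (written for this page, not the extension's own code) showing the core of the approach with Burp's legacy Extender API: a context menu factory reads the selection bounds from the request editor and passes them as the single insertion point to the scanner. The menu label and class layout are my own choices; everything else uses the public `burp` API interfaces (`IContextMenuFactory`, `IContextMenuInvocation`, `IBurpExtenderCallbacks.doActiveScan`), and the Pro scanner is required for the scan to actually start.

```java
package burp;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.swing.JMenuItem;

// Added example: minimal "scan only the selected insertion point" extension.
// Class name BurpExtender and interface names are those of Burp's legacy Extender API.
public class BurpExtender implements IBurpExtender, IContextMenuFactory {
    private IBurpExtenderCallbacks callbacks;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        callbacks.setExtensionName("Scan selected insertion point (example)");
        callbacks.registerContextMenuFactory(this);
    }

    @Override
    public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
        byte ctx = invocation.getInvocationContext();
        // Only offer the item where the user can actually select request text.
        if (ctx != IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST
                && ctx != IContextMenuInvocation.CONTEXT_MESSAGE_VIEWER_REQUEST) {
            return null;
        }
        int[] bounds = invocation.getSelectionBounds();          // [start, end] byte offsets
        IHttpRequestResponse[] messages = invocation.getSelectedMessages();
        // Require a non-empty selection in exactly one request.
        if (bounds == null || bounds[0] == bounds[1]
                || messages == null || messages.length != 1) {
            return null;
        }
        JMenuItem item = new JMenuItem("Scan selected insertion point");
        item.addActionListener(e -> scanSelection(messages[0], bounds));
        return new ArrayList<>(Collections.singletonList(item));
    }

    private void scanSelection(IHttpRequestResponse message, int[] bounds) {
        IHttpService service = message.getHttpService();
        byte[] request = message.getRequest();
        // doActiveScan accepts explicit insertion points as start/end offsets into the
        // request bytes, so the scanner touches only the selected area and nothing else.
        List<int[]> insertionPoints = new ArrayList<>();
        insertionPoints.add(new int[] { bounds[0], bounds[1] });
        IScanQueueItem queued = callbacks.doActiveScan(
                service.getHost(),
                service.getPort(),
                "https".equalsIgnoreCase(service.getProtocol()),
                request,
                insertionPoints);
        callbacks.printOutput("Queued scan of offsets " + bounds[0] + "-" + bounds[1]
                + " on " + service.getHost() + " (status: " + queued.getStatus() + ")");
    }
}
```

Compile it against Burp's `burp` interface sources (exported from Extender → APIs), package it as a JAR, and load it from the Extender tab; the new item then appears in the right-click menu whenever text is selected in a request, in any tool.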
— Clément Notin (@cnotin)