caon.io

Burp Suite

Plugins

  • Backslash Powered Scanner, finds additional vulns
  • JS Miner, extracts sensitive content from JS files
  • Active Scan++, finds additional vulns
  • JS Link Finder, finds links inside JavaScript files
  • Param Miner, mines URLs searching for parameters
  • Reflector, finds reflected inputs
  • JsLuice+ (https://github.com/0x999-x/jsluicepp)

Tips n Tricks

Send traffic from VPS to local burp

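# Run this in a local terminal to connect to the VPS (if SSH with a key is possible)
# -R forwards port 8080 on the VPS to the Burp listener on local 127.0.0.1:8080;
# -f -N puts ssh in the background without running a remote command
# When in WSL, port forwarding needs to be set
ssh -R 8080:127.0.0.1:8080 root@VPS_IP -f -N

# If you are on Windows and need to pass a password, use this
# Note: -pw puts the password on the command line, where it is visible in process listings
putty.exe -ssh user@host -pw password -R 8080:127.0.0.1:8080

# On the VPS, visit the sites through the forwarded port so the traffic shows up in local Burp
# For HTTPS URLs, curl must trust Burp's CA certificate or certificate verification will fail
curl URL -x http://127.0.0.1:8080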

BChecks

Repositories

Articles