This extension complements complements Burp's active scanner by using a novel approach capable of finding and confirming both known and unknown classes of server-side injection vulnerabilities. Evolved from classic manual techniques, this approach reaps many of the benefits of manual testing including casual WAF evasion, a tiny network footprint, and flexibility in the face of input filtering.
For more information, please refer to the whitepaper at http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html
The code can be found at https://github.com/portswigger/backslash-powered-scanner Contributions and feature requests are welcome.
This extension requires Burp Suite Pro 1.7.10 or later. To install it, simply use the BApps tab in Burp.
If you want to manually build/install it from source, you'll need to add the following JAR to your libraries: https://commons.apache.org/proper/commons-lang/download_lang.cgi