No description or website provided.
Latest commit de6eb61 Jan 2, 2017 Adam Piper Add BApp metadata files, Gradle build script, and tweak BurpExtender …
…so that it works with latest API.


This extension complements complements Burp's active scanner by using a novel approach capable of finding and confirming both known and unknown classes of server-side injection vulnerabilities. Evolved from classic manual techniques, this approach reaps many of the benefits of manual testing including casual WAF evasion, a tiny network footprint, and flexibility in the face of input filtering.

For more information, please refer to the whitepaper at

The code can be found at Contributions and feature requests are welcome.


This extension requires Burp Suite Pro 1.7.10 or later. To install it, simply use the BApps tab in Burp.

If you want to manually build/install it from source, you'll need to add the following JAR to your libraries: