Skip to content
Used to manage burp extensions that I find useful.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.



Ansible playbook to install Burp extensions.

In case you've stumbled across this project, it's my first Ansible role so try not to judge too harshly. Consider it a work in progress, and let me know how I can make it better.


Install dependencies:

ansible-galaxy install -r requirements.yml

Create directory for logs:

sudo chown -R <your username>:<suitable group for your user> /var/log/$USER

Make sure ~/.ansible.cfg has the following in it:

log_path = /var/log/<your username>/ansible.log

To run:

  1. Run this command:
ansible-playbook -vvv site.yml
  1. Once the command has finished, load the ~/burpExtensions/burp_user_options.json file in burp for the user options

Included Burp Extensions

  • ActiveScan++
  • AuthMatrix
  • Backslash-Powered-Scanner
  • CO2
  • Content-Type Converter
  • Copy As Python-Requests
  • Freddy, Deserialization Bug Finder - Detect and exploit serialisation libs and APIs
  • HUNT Methodology
  • HUNT Scanner
  • J2EEScan
  • JSON Web Tokens - Used to manipulate JWTs
  • Logger++
  • Paramalyzer
  • Retire.js
  • SAML Raider - Used for testing SAML infrastructure for vulnerabilities
  • Upload Scanner


Tested on OS X && Ubuntu 16.04 You need to be sure that the PATH for the version of python you're using with Ansible is set properly in the crontab: crontab -e PATH=<your path> <- put this at the top of the file and save it. If you have a proxy, put your proxy settings in here too: http_proxy=<proxy> etc.

Something Missing?

Let me know:


  • Modularize
  • Make friendly with other OS's
  • Figure out how to get latest release of an extension from github if offered
  • Create cronjob to destroy and rebuild every week
  • Add Content-Type Converter
  • Add Paramalyzer
  • Add Logger++
  • Add ActiveScan++
  • Add Backslash Powered Scanner
  • Add J2EEScan
  • Add AuthMatrix
  • Add Upload Scanner
  • Add Copy As Python-Requests
  • Add JSON Web Tokens
  • Add Freddy, Deserialization Bug Finder
  • Unarchive bapps
  • Add burp_user_options template
  • Move auto-update to bash script template
  • [] Add logging and log rotation
  • [] Unit tests
  • [] DRY code up
  • [] Travis-CI



You can’t perform that action at this time.