Faction BurpSuite Extension

Most of the Faction dashboard functionality is also available inside the Faction BurpSuite Extension, so you don’t even need to log into the web version when performing your assessments/verifications. You can see your assessment queue, verification queue, and assessment vulnerability history, and submit vulnerabilities directly from Burp.

Below are your assessment and verification queues.

Burp Suite Integration

Clicking on your current assessment will display the scope and assessment history, as well as the issues your teammates are discovering in real time.

Collaborate on PenTests

You can even replay the payloads found by other assessors in your Repeater. Every payload saved to Faction has the option to replay the request inside Burp. This helps not only with your current assessment but also with verifications/retests. You will no longer need to find an old Burp state to recreate findings for a retest.

Collaborate on Red Team Assessments

SUBMIT VULNERABILITIES DIRECTLY FROM BURPSUITE:

Any request, response, or scan issue can be added directly to Faction from Burp. For instance, let's say you find XSS on a site. You can select just the section of the response showing the exploit and have it automatically added to your report. The following example extracts the POST request and the relevant section of the response, and you can then add the reproduction steps. We support Markdown syntax for inserting text, and you can search the database for default vulnerabilities (e.g. XSS, SQLi, etc.) to add to the assessment.

Easily Import Vulnerabilities

Below is an example of the issue being inserted directly into the final report.

Custom Application Security Reporting