Set up your Burp with YesWeHack programs and scopes

YesWeBurp is an extension for BurpSuite allowing you to access all your bug bounty programs directly inside Burp.

YesWeBurp also help you to instantly configure Burp according to the program rules.

How to install it?

First of all, you can find all information and download it from our Github here :

Just follow the instructions on our Github :)

How to use it?

On the Options tab you can set your credentials. If OTP is activated on your account (and it is strongly recommended), you can enter your OTP, and click on Fetch programs. Once you are logged in, the programs remain visible until Burp is closed.

You can also check the box “Remember password“.

If everything is okay, you should see a new tab called “Programs” which contains the full list of public and also private programs (in orange) you have access.

When you click on a program, all the information are displayed in different tabs:

  • Rules
  • Scopes
  • Qualifying vulnerabilities
  • Account access

In the top right-hand corner there is a “Configure Burp” button. If you click on it, a new window with the scope information will open:

  • Scope
  • User-Agent rules

Each line can be modified (in case of regex is not properly defined) before to be added to scope. Once you have selected the scopes, you can add them to your burp by clicking on the button “Add to scope“. If a program asks to define a specific User-Agent, you can also modify and add it by clicking on the button “Add match/replace rule“.