This page shows the differences between the selected revision and the current version of the page.
liste_d_extension_burp [2019/10/25 20:20] M0N5T3R created |
liste_d_extension_burp [2020/01/03 23:01] (current version) M0N5T3R |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
- | * [summitt/Burp-Non-HTTP-Extension: Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.](https://github.com/summitt/Burp-Non-HTTP-Extension) | + | FIXME **Le PAD pour proposer une amélioration à cette page :** https://pad.zenk-security.com/p/merci |
- | * [SpiderLabs/Airachnid-Burp-Extension: A Burp Extension to test applications for vulnerability to the Web Cache Deception attack](https://github.com/SpiderLabs/Airachnid-Burp-Extension) | + | |
- | * [RUB-NDS/BurpSSOExtension: An extension for BurpSuite that highlights SSO messages in Burp's proxy window..](https://github.com/RUB-NDS/BurpSSOExtension) | + | |
- | * [nccgroup/BurpSuiteHTTPSmuggler: A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques](https://github.com/nccgroup/BurpSuiteHTTPSmuggler) | + | * Burp Suite extension to discover assets from HTTP response using passive #scanning. https://github.com/redhuntlabs/BurpSuite-Asset_Discover |
- | * [NetSPI/JavaSerialKiller: Burp extension to perform Java Deserialization Attacks](https://github.com/NetSPI/JavaSerialKiller) | + | * [summitt/Burp-Non-HTTP-Extension: Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.](https://github.com/summitt/Burp-Non-HTTP-Extension) |
- | * [h3xstream/burp-retire-js: Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.](https://github.com/h3xstream/burp-retire-js) | + | * [SpiderLabs/Airachnid-Burp-Extension: A Burp Extension to test applications for vulnerability to the Web Cache Deception attack](https://github.com/SpiderLabs/Airachnid-Burp-Extension) |
- | * [PortSwigger/collaborator-everywhere: A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator](https://github.com/PortSwigger/collaborator-everywhere) | + | * [RUB-NDS/BurpSSOExtension: An extension for BurpSuite that highlights SSO messages in Burp's proxy window..](https://github.com/RUB-NDS/BurpSSOExtension) |
- | * [SecurityInnovation/AuthMatrix: AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.](https://github.com/SecurityInnovation/AuthMatrix) | + | * [nccgroup/BurpSuiteHTTPSmuggler: A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques](https://github.com/nccgroup/BurpSuiteHTTPSmuggler) |
- | * [augustd/burp-suite-error-message-checks: Burp Suite extension to passively scan for applications revealing server error messages](https://github.com/augustd/burp-suite-error-message-checks) | + | * [NetSPI/JavaSerialKiller: Burp extension to perform Java Deserialization Attacks](https://github.com/NetSPI/JavaSerialKiller) |
- | * [NetSPI/BurpExtractor: A Burp extension for generic extraction and reuse of data within HTTP requests and responses.](https://github.com/NetSPI/BurpExtractor) | + | * [h3xstream/burp-retire-js: Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.](https://github.com/h3xstream/burp-retire-js) |
- | * [PortSwigger/brida: The new bridge between Burp Suite and Frida!](https://github.com/portswigger/brida) | + | * [PortSwigger/collaborator-everywhere: A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator](https://github.com/PortSwigger/collaborator-everywhere) |
- | * [PortSwigger/distribute-damage: Evenly distributes scanner load across targets](https://github.com/PortSwigger/distribute-damage) | + | * [SecurityInnovation/AuthMatrix: AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.](https://github.com/SecurityInnovation/AuthMatrix) |
- | * [hvqzao/burp-wildcard: Burp extension intended to compact Burp extension tabs by hijacking them to own tab.](https://github.com/hvqzao/burp-wildcard) | + | * [augustd/burp-suite-error-message-checks: Burp Suite extension to passively scan for applications revealing server error messages](https://github.com/augustd/burp-suite-error-message-checks) |
- | * [Burp-Extensions/JSONPScannerCheck.py at master · tghosth/Burp-Extensions](https://github.com/tghosth/Burp-Extensions/blob/master/JSONPScannerCheck.py) | + | * [NetSPI/BurpExtractor: A Burp extension for generic extraction and reuse of data within HTTP requests and responses.](https://github.com/NetSPI/BurpExtractor) |
- | * [the-bumble/Burp-Scanner-OOB-Checks: This is a Burp extension for adding additional payloads to active scanner that require out-of-band validation. Works great with XSSHunter](https://github.com/the-bumble/Burp-Scanner-OOB-Checks) | + | * [PortSwigger/brida: The new bridge between Burp Suite and Frida!](https://github.com/portswigger/brida) |
- | * [d3vilbug/HackBar: HackBar plugin for Burpsuite v1.0](https://github.com/d3vilbug/HackBar) | + | * [PortSwigger/distribute-damage: Evenly distributes scanner load across targets](https://github.com/PortSwigger/distribute-damage) |
- | * [hvqzao/burp-second-order: Extension for semi-automated search for second order issues in webapps](https://github.com/hvqzao/burp-second-order) | + | * [hvqzao/burp-wildcard: Burp extension intended to compact Burp extension tabs by hijacking them to own tab.](https://github.com/hvqzao/burp-wildcard) |
- | * [PortSwigger/param-miner](https://github.com/portswigger/param-miner) | + | * [Burp-Extensions/JSONPScannerCheck.py at master · tghosth/Burp-Extensions](https://github.com/tghosth/Burp-Extensions/blob/master/JSONPScannerCheck.py) |
- | * [PortSwigger/command-injection-attacker: SHELLING - a comprehensive OS command injection payload generator](https://github.com/portswigger/command-injection-attacker) | + | * [the-bumble/Burp-Scanner-OOB-Checks: This is a Burp extension for adding additional payloads to active scanner that require out-of-band validation. Works great with XSSHunter](https://github.com/the-bumble/Burp-Scanner-OOB-Checks) |
- | * [wagiro/BurpBounty: Burp Bounty (Scan Check Builder in BApps Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.](https://github.com/wagiro/BurpBounty) | + | * [d3vilbug/HackBar: HackBar plugin for Burpsuite v1.0](https://github.com/d3vilbug/HackBar) |
- | * [righettod/log-requests-to-sqlite: BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.](https://github.com/righettod/log-requests-to-sqlite) | + | * [hvqzao/burp-second-order: Extension for semi-automated search for second order issues in webapps](https://github.com/hvqzao/burp-second-order) |
- | * [albinowax/ActiveScanPlusPlus: ActiveScan++ Burp Suite Plugin](https://github.com/albinowax/ActiveScanPlusPlus) | + | * [PortSwigger/param-miner](https://github.com/portswigger/param-miner) |
- | * [PortSwigger/backslash-powered-scanner: Finds unknown classes of injection vulnerabilities](https://github.com/PortSwigger/backslash-powered-scanner) | + | * [PortSwigger/command-injection-attacker: SHELLING - a comprehensive OS command injection payload generator](https://github.com/portswigger/command-injection-attacker) |
- | * [RhinoSecurityLabs/SleuthQL: Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.](https://github.com/RhinoSecurityLabs/SleuthQL) | + | * [wagiro/BurpBounty: Burp Bounty (Scan Check Builder in BApps Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.](https://github.com/wagiro/BurpBounty) |
- | * [Ebryx/AES-Killer: Burp plugin to decrypt AES Encrypted traffic of mobile apps on fly](https://github.com/Ebryx/AES-Killer) | + | * [righettod/log-requests-to-sqlite: BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.](https://github.com/righettod/log-requests-to-sqlite) |
- | * [luh2/DetectDynamicJS: The DetectDynamicJS Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and aid in finding user/session data.](https://github.com/luh2/DetectDynamicJS) | + | * [albinowax/ActiveScanPlusPlus: ActiveScan++ Burp Suite Plugin](https://github.com/albinowax/ActiveScanPlusPlus) |
- | * [EnableSecurity/burp-luhn-payload-processor: A plugin for Burp Suite Pro to work with attacker payloads and automatically generate check digits for credit card numbers and similar numbers that end with a check digit generated using the Luhn algorithm or formula (also known as the "modulus 10" or "mod 10" algorithm).](https://github.com/EnableSecurity/burp-luhn-payload-processor) | + | * [PortSwigger/backslash-powered-scanner: Finds unknown classes of injection vulnerabilities](https://github.com/PortSwigger/backslash-powered-scanner) |
- | * [federicodotta/Java-Deserialization-Scanner: All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities](https://github.com/federicodotta/Java-Deserialization-Scanner) | + | * [RhinoSecurityLabs/SleuthQL: Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.](https://github.com/RhinoSecurityLabs/SleuthQL) |
- | * [ilmila/J2EEScan: J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.](https://github.com/ilmila/J2EEScan) | + | * [Ebryx/AES-Killer: Burp plugin to decrypt AES Encrypted traffic of mobile apps on fly](https://github.com/Ebryx/AES-Killer) |
- | * [mvetsch/JWT4B: JSON Web Tokens (JWT) support for Burp](https://github.com/mvetsch/JWT4B) | + | * [luh2/DetectDynamicJS: The DetectDynamicJS Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and aid in finding user/session data.](https://github.com/luh2/DetectDynamicJS) |
- | * [SAMLRaider/SAMLRaider: SAML Raider is a Burp Suite extension for testing SAML infrastructures](https://github.com/SAMLRaider/SAMLRaider) | + | * [EnableSecurity/burp-luhn-payload-processor: A plugin for Burp Suite Pro to work with attacker payloads and automatically generate check digits for credit card numbers and similar numbers that end with a check digit generated using the Luhn algorithm or formula (also known as the "modulus 10" or "mod 10" algorithm).](https://github.com/EnableSecurity/burp-luhn-payload-processor) |
- | * [zidekmat/graphql_beautifier: Burp Suite extension to help make Graphql request more readable](https://github.com/zidekmat/graphql_beautifier) | + | * [federicodotta/Java-Deserialization-Scanner: All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities](https://github.com/federicodotta/Java-Deserialization-Scanner) |
- | * [vergl4s/signatures: Length extension attacks in Burp Suite](https://github.com/vergl4s/signatures) | + | * [ilmila/J2EEScan: J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.](https://github.com/ilmila/J2EEScan) |
+ | * [mvetsch/JWT4B: JSON Web Tokens (JWT) support for Burp](https://github.com/mvetsch/JWT4B) | ||
+ | * [SAMLRaider/SAMLRaider: SAML Raider is a Burp Suite extension for testing SAML infrastructures](https://github.com/SAMLRaider/SAMLRaider) | ||
+ | * [zidekmat/graphql_beautifier: Burp Suite extension to help make Graphql request more readable](https://github.com/zidekmat/graphql_beautifier) | ||
+ | * [vergl4s/signatures: Length extension attacks in Burp Suite](https://github.com/vergl4s/signatures) | ||
## Developing Burp Extensions | ## Developing Burp Extensions | ||
- | * [Adapting Burp extensions for tailored pentesting | Blog](https://portswigger.net/blog/adapting-burp-extensions-for-tailored-pentesting) | + | * [Adapting Burp extensions for tailored pentesting | Blog](https://portswigger.net/blog/adapting-burp-extensions-for-tailored-pentesting) |
- | * [Burp Suite Extension Development Series](https://prakharprasad.com/burp-suite-extension-development-series/) | + | * [Burp Suite Extension Development Series](https://prakharprasad.com/burp-suite-extension-development-series/) |
- | * [sunnyneo/burp-extension-training: Burp Extension Training](https://github.com/sunnyneo/burp-extension-training) | + | * [sunnyneo/burp-extension-training: Burp Extension Training](https://github.com/sunnyneo/burp-extension-training) |
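Review bot: The added Asset Discover entry (new side, the line pointing at https://github.com/redhuntlabs/BurpSuite-Asset_Discover) is a bare description followed by a raw URL and carries a stray "#scanning" hashtag, while every other entry in the list uses the "[owner/repo: description](url)" link form; rewrite it as "[redhuntlabs/BurpSuite-Asset_Discover: Burp Suite extension to discover assets from HTTP response using passive scanning.](https://github.com/redhuntlabs/BurpSuite-Asset_Discover)" so the list stays uniform. The three entries under "Developing Burp Extensions" are marked as changed although their text is identical on both sides, which suggests a whitespace-only or indentation change; confirm that it is intended and that the list still renders at the same nesting level as before.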