Outils d'utilisateurs

Outils du Site


liste_d_extension_burp

Différences

Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.

Lien vers cette vue

liste_d_extension_burp [2019/10/25 20:20] (Version actuelle)
M0N5T3R créée
Ligne 1: Ligne 1:
 +* [summitt/Burp-Non-HTTP-Extension: Non-HTTP Protocol Extension (NoPE) Proxy and DNS for Burp Suite.](https://github.com/summitt/Burp-Non-HTTP-Extension)
 +* [SpiderLabs/Airachnid-Burp-Extension: A Burp Extension to test applications for vulnerability to the Web Cache Deception attack](https://github.com/SpiderLabs/Airachnid-Burp-Extension)
 +* [RUB-NDS/BurpSSOExtension: An extension for BurpSuite that highlights SSO messages in Burp's proxy window..](https://github.com/RUB-NDS/BurpSSOExtension)
 +* [nccgroup/BurpSuiteHTTPSmuggler: A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques](https://github.com/nccgroup/BurpSuiteHTTPSmuggler)
 +* [NetSPI/JavaSerialKiller: Burp extension to perform Java Deserialization Attacks](https://github.com/NetSPI/JavaSerialKiller)
 +* [h3xstream/burp-retire-js: Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.](https://github.com/h3xstream/burp-retire-js)
 +* [PortSwigger/collaborator-everywhere: A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator](https://github.com/PortSwigger/collaborator-everywhere)
 +* [SecurityInnovation/AuthMatrix: AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.](https://github.com/SecurityInnovation/AuthMatrix)
 +* [augustd/burp-suite-error-message-checks: Burp Suite extension to passively scan for applications revealing server error messages](https://github.com/augustd/burp-suite-error-message-checks)
 +* [NetSPI/BurpExtractor: A Burp extension for generic extraction and reuse of data within HTTP requests and responses.](https://github.com/NetSPI/BurpExtractor)
 +* [PortSwigger/brida: The new bridge between Burp Suite and Frida!](https://github.com/portswigger/brida)
 +* [PortSwigger/distribute-damage: Evenly distributes scanner load across targets](https://github.com/PortSwigger/distribute-damage)
 +* [hvqzao/burp-wildcard: Burp extension intended to compact Burp extension tabs by hijacking them to own tab.](https://github.com/hvqzao/burp-wildcard)
 +* [Burp-Extensions/JSONPScannerCheck.py at master · tghosth/Burp-Extensions](https://github.com/tghosth/Burp-Extensions/blob/master/JSONPScannerCheck.py)
 +* [the-bumble/Burp-Scanner-OOB-Checks: This is a Burp extension for adding additional payloads to active scanner that require out-of-band validation. Works great with XSSHunter](https://github.com/the-bumble/Burp-Scanner-OOB-Checks)
 +* [d3vilbug/HackBar: HackBar plugin for Burpsuite v1.0](https://github.com/d3vilbug/HackBar)
 +* [hvqzao/burp-second-order: Extension for semi-automated search for second order issues in webapps](https://github.com/hvqzao/burp-second-order)
 +* [PortSwigger/param-miner](https://github.com/portswigger/param-miner)
 +* [PortSwigger/command-injection-attacker: SHELLING - a comprehensive OS command injection payload generator](https://github.com/portswigger/command-injection-attacker)
 +* [wagiro/BurpBounty: Burp Bounty (Scan Check Builder in BApps Store) is a extension of Burp Suite that improve an active and passive scanner by yourself. This extension requires Burp Suite Pro.](https://github.com/wagiro/BurpBounty)
 +* [righettod/log-requests-to-sqlite: BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.](https://github.com/righettod/log-requests-to-sqlite)
 +* [albinowax/ActiveScanPlusPlus: ActiveScan++ Burp Suite Plugin](https://github.com/albinowax/ActiveScanPlusPlus)
 +* [PortSwigger/backslash-powered-scanner: Finds unknown classes of injection vulnerabilities](https://github.com/PortSwigger/backslash-powered-scanner)
 +* [RhinoSecurityLabs/SleuthQL: Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.](https://github.com/RhinoSecurityLabs/SleuthQL)
 +* [Ebryx/AES-Killer: Burp plugin to decrypt AES Encrypted traffic of mobile apps on fly](https://github.com/Ebryx/AES-Killer)
 +* [luh2/DetectDynamicJS: The DetectDynamicJS Burp Extension provides an additional passive scanner that tries to find differing content in JavaScript files and aid in finding user/session data.](https://github.com/luh2/DetectDynamicJS)
 +* [EnableSecurity/burp-luhn-payload-processor: A plugin for Burp Suite Pro to work with attacker payloads and automatically generate check digits for credit card numbers and similar numbers that end with a check digit generated using the Luhn algorithm or formula (also known as the "modulus 10" or "mod 10" algorithm).](https://github.com/EnableSecurity/burp-luhn-payload-processor)
 +* [federicodotta/Java-Deserialization-Scanner: All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities](https://github.com/federicodotta/Java-Deserialization-Scanner)
 +* [ilmila/J2EEScan: J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.](https://github.com/ilmila/J2EEScan)
 +* [mvetsch/JWT4B: JSON Web Tokens (JWT) support for Burp](https://github.com/mvetsch/JWT4B)
 +* [SAMLRaider/SAMLRaider: SAML Raider is a Burp Suite extension for testing SAML infrastructures](https://github.com/SAMLRaider/SAMLRaider)
 +* [zidekmat/graphql_beautifier: Burp Suite extension to help make Graphql request more readable](https://github.com/zidekmat/graphql_beautifier)
 +* [vergl4s/signatures: Length extension attacks in Burp Suite](https://github.com/vergl4s/signatures)
 +
 +## Developing Burp Extensions
 +
 +* [Adapting Burp extensions for tailored pentesting | Blog](https://portswigger.net/blog/adapting-burp-extensions-for-tailored-pentesting)
 +* [Burp Suite Extension Development Series](https://prakharprasad.com/burp-suite-extension-development-series/)
 +* [sunnyneo/burp-extension-training: Burp Extension Training](https://github.com/sunnyneo/burp-extension-training)
  
liste_d_extension_burp.txt · Dernière modification: 2019/10/25 20:20 par M0N5T3R