Admin-Panel_Finder : A Burp Suite Extension That Enumerates Infrastructure And Application Admin Interfaces

Admin-Panel_Finder is a Burp Suite extension that enumerates infrastructure and application admin interfaces. OWASP References: Classification: Web Application Security Testing > 02-Configuration and Deployment Management Testing; OTG v4: OWASP OTG-CONFIG-005; WSTG: WSTG-CONF-05. Why should I use this extension? Multi-thread; different and configurable levels of test; includable status codes; excludable status codes; more than 1000 built-in payloads. …

InQL : A Burp Extension For GraphQL Security Testing

InQL is a security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension. InQL Stand-Alone CLI: Running inql from Python will issue an Introspection query to the target GraphQL endpoint in order to fetch metadata information for: queries, mutations, subscriptions; its fields …

TeaBreak : A Productivity Burp Extension

TeaBreak is a simple Burp extension for security researchers and bug bounty hunters that helps them increase their work productivity. We know how important health is. It is recommended to take breaks from your work to avoid burnout and to reduce eye strain and other health problems. How? Set your break time before commencement of …

Generator Burp Extension : Everything You Need About

When you generate your plugin project, the generator will ask you what features should be included in your plugin. If you are familiar with Burp extension development, the names of the features will be descriptive enough, but if you are new to Burp extensions, here is a short description of what can be done with …

Burp-Exporter : Request To Clipboard With Multiple Programming Languages Functions

Burp-Exporter is a Burp Suite extension to copy a request to the clipboard as functions in multiple programming languages. You can export as: cURL, Wget, Python Request, Perl LWP, PHP HTTP_Request2, Go Native, NodeJS Request, jQuery AJAX, PowerShell. Requirements: Jython >= 2.7.1, Burp …

Burp Suite Extension For Generate A Random User Agents

A Burp Suite extension to help pentesters generate a random user-agent. This extension has been developed by M’hamed (@m4ll0k) Outaadi. Installation: Download a jar file from the release or compile the Java code: $ git clone https://github.com/m4ll0k/BurpSuite-Random_UserAgent.git random-useragents $ cd random-useragents/src/main/java $ javac burp/*.java $ jar cf random-useragents.jar burp/*.class …

IPRotate : Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request

IPRotate is a tool used for Burp Suite which uses AWS API Gateway to change your IP on every request. This extension allows you to easily spin up API Gateways across multiple regions. All the Burp Suite traffic for the targeted host is then routed through the API Gateway endpoints which causes the IP to …

ZIP File Raider – Burp Extension for ZIP File Payload Testing

ZIP File Raider is a Burp Suite extension for attacking web applications with ZIP file upload functionality. You can easily inject Burp Scanner/Repeater payloads into the ZIP content of HTTP requests, which is not feasible by default. This extension helps to automate the extraction and compression steps. ZIP File Raider Installation: Set up Jython standalone …

Telewreck – A Burp Extension To Detect And Exploit CVE-2017-9248

Telewreck is a Burp extension to detect and exploit versions of Telerik Web UI vulnerable to CVE-2017-9248. Telewreck Attribute: Detect vulnerable versions of Telerik Web UI during passive scans. Bruteforce the key and discover the “Document Manager” link just like the original exploit tool. Requirements: Locate Telerik.Web.UI.DialogHandler.aspx This extension requires Python’s requests module. Just run …