
theLSA / Burp Unauth Checker

Licence: MIT
Burp Suite extension for checking for unauthorized-access vulnerabilities

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Burp Unauth Checker

Burp Sensitive Param Extractor
Burp Suite extension for checking and extracting sensitive request parameters
Stars: ✭ 35 (-64.65%)
Mutual labels:  burpsuite, burp-plugin, checker
Aes Killer
Burp plugin to decrypt AES Encrypted traffic of mobile apps on the fly
Stars: ✭ 446 (+350.51%)
Mutual labels:  burpsuite, burp-plugin
Cstc
CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
Stars: ✭ 91 (-8.08%)
Mutual labels:  burpsuite, burp-plugin
Knife
A Burp extension that adds some useful functions to the context menu (adds some right-click menu items to make Burp smoother to use)
Stars: ✭ 626 (+532.32%)
Mutual labels:  burpsuite, burp-plugin
Burpdeveltraining
Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
Stars: ✭ 302 (+205.05%)
Mutual labels:  burpsuite, burp-plugin
Burpcrypto
BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite).
Stars: ✭ 350 (+253.54%)
Mutual labels:  burpsuite, burp-plugin
Recaptcha
reCAPTCHA = REcognize CAPTCHA: a Burp Suite extender that recognizes CAPTCHAs and uses them as Intruder payloads (a plugin that automatically recognizes image CAPTCHAs and uses them in Burp Intruder's brute-force module)
Stars: ✭ 596 (+502.02%)
Mutual labels:  burpsuite, burp-plugin
googleauthenticator
Burp Suite plugin that dynamically generates Google 2FA codes for use in session handling rules (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 18 (-81.82%)
Mutual labels:  burp-plugin, burpsuite
Burp Info Extractor
Burp Suite extension for extracting information from data
Stars: ✭ 27 (-72.73%)
Mutual labels:  burpsuite, burp-plugin
Burp Suite Software Version Checks
Burp extension to passively scan for applications revealing software version numbers
Stars: ✭ 29 (-70.71%)
Mutual labels:  burpsuite, burp-plugin
Faraday
Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+3130.3%)
Mutual labels:  vulnerability, burpsuite
Burpsuite Collections
BurpSuite collection: including but not limited to Burp articles, cracked versions, plugins (not from the BApp Store), Chinese localization and related tutorials; contributions welcome --- burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+991.92%)
Mutual labels:  burpsuite, burp-plugin
auth analyzer
Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
Stars: ✭ 77 (-22.22%)
Mutual labels:  burp-plugin, burpsuite
Autorize
Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily to ease the work of application security people and let them perform automatic authorization tests
Stars: ✭ 406 (+310.1%)
Mutual labels:  burpsuite, burp-plugin
burp-flow
Extension providing a view with filtering capabilities for both complete and incomplete requests from all Burp tools.
Stars: ✭ 45 (-54.55%)
Mutual labels:  burp-plugin, burpsuite
Autorepeater
Automated HTTP Request Repeating With Burp Suite
Stars: ✭ 546 (+451.52%)
Mutual labels:  burpsuite, burp-plugin
TurboDataMiner
The objective of this Burp Suite extension is the flexible and dynamic extraction, correlation, and structured presentation of information from the Burp Suite project as well as the flexible and dynamic on-the-fly modification of outgoing or incoming HTTP requests using Python scripts. Thus, Turbo Data Miner shall aid in gaining a better and fas…
Stars: ✭ 46 (-53.54%)
Mutual labels:  burp-plugin, burpsuite
SQLi-Query-Tampering
SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Stars: ✭ 123 (+24.24%)
Mutual labels:  burp-plugin, burpsuite
Hackbar
HackBar plugin for Burpsuite
Stars: ✭ 917 (+826.26%)
Mutual labels:  burpsuite, burp-plugin
Burp Suite Error Message Checks
Burp Suite extension to passively scan for applications revealing server error messages
Stars: ✭ 45 (-54.55%)
Mutual labels:  burpsuite, burp-plugin

burp-unauth-checker

Overview

Automated detection of unauthorized-access vulnerabilities.

For the implementation details of this extension, refer to the author's Burp Suite extension development summary (burpsuite插件开发总结).

Quick start

To use it, tick launchBurpUnauthChecker. It is recommended to enable it only while testing functionality that requires authorized access (such as a site's admin backend).

authParams.cfg: stores the authorization parameters, such as token, cookie, etc.

When adding authorization parameters in the UI input box, separate them with ASCII commas (,) and click the save button to save; other operations do not require clicking save.

show post body displays the body of POST data.

show rspContent displays the response body; it is recommended to keep it off where possible.

Some authorization parameters are carried in GET/POST parameters, e.g. user/list?token=xxx; in that case tick replace GET/POST Auth Params with to replace the authorization parameter values.

The default filtered suffix list is filterSuffixList = "jpg,jpeg,png,gif,ico,bmp,svg,js,css,html,avi,mp4,mkv,mp3,txt"

To handle some special cases, an excluded authorization parameter list excludeAuthParamsList is provided.

onlyIncludeStatusCode: sets which response status codes are checked, e.g. only check responses with status 200.

The original idea was to simply remove the authorization parameters, but that can make the response fail, so the authorization parameter values are instead replaced with custom data, e.g. cookie:[empty], token=unauthp.

Deleting authorization parameters from the UI is not supported yet; to delete one, remove it directly from authParams.cfg, and be sure to leave the cursor at the end of the last authorization parameter (the last line).
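The quick-start options above describe one check: skip static-file requests by suffix, neutralise the configured authorization material (empty the cookie, replace token-style values with a placeholder, optionally also in GET/POST parameters), resend, and compare the response against the authorized one for the status codes being watched. The following Python 3 script is an added example of that logic written to run outside Burp on raw request text; it is not the extension's own code, and the constant names, the constructed sample requests and the response-comparison rule are assumptions made here, not identifiers from the project.

```python
"""Model of an unauthorized-access check as described in the README above.
Added example, not the extension's code; runs stand-alone without Burp."""
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Defaults quoted from the README; the Python names are assumptions.
FILTER_SUFFIX_LIST = "jpg,jpeg,png,gif,ico,bmp,svg,js,css,html,avi,mp4,mkv,mp3,txt"
AUTH_PARAMS = ["cookie", "token", "authorization"]  # hypothetical authParams.cfg contents
EXCLUDE_AUTH_PARAMS = []                              # hypothetical excludeAuthParamsList
ONLY_INCLUDE_STATUS_CODE = [200]                      # hypothetical onlyIncludeStatusCode
UNAUTH_VALUE = "unauthp"                              # placeholder value named in the README


def is_filtered(target, suffix_list=FILTER_SUFFIX_LIST):
    """True when the request path ends in a static-file suffix the checker skips."""
    parts = urlsplit(target).path.rsplit(".", 1)
    return len(parts) == 2 and parts[1].lower() in suffix_list.split(",")


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, [(header, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return method, target, headers, body


def _replace_params(encoded, auth_names):
    """Replace the value of every form/query parameter whose name is an auth parameter."""
    pairs = parse_qsl(encoded, keep_blank_values=True)
    return urlencode([(k, UNAUTH_VALUE if k.lower() in auth_names else v) for k, v in pairs])


def build_unauth_request(raw, auth_params=AUTH_PARAMS, exclude=EXCLUDE_AUTH_PARAMS,
                         replace_get_post=True):
    """Return the request with auth material neutralised as the README describes:
    Cookie emptied, other auth headers set to the placeholder, and optionally the
    GET query / urlencoded POST body parameters with auth names replaced."""
    names = {n.lower() for n in auth_params} - {n.lower() for n in exclude}
    method, target, headers, body = parse_request(raw)
    if replace_get_post:
        parts = urlsplit(target)
        target = urlunsplit(parts._replace(query=_replace_params(parts.query, names)))
        ctype = {k.lower(): v for k, v in headers}.get("content-type", "")
        if body and ctype.startswith("application/x-www-form-urlencoded"):
            body = _replace_params(body, names)
    new_headers = []
    for name, value in headers:
        lname = name.lower()
        if lname in names:
            value = "" if lname == "cookie" else UNAUTH_VALUE
        elif lname == "content-length":
            value = str(len(body.encode()))  # body may have changed length
        new_headers.append((name, value))
    head = "\r\n".join([f"{method} {target} HTTP/1.1"] + [f"{n}: {v}" for n, v in new_headers])
    return head + "\r\n\r\n" + body


def looks_unauthorized(auth_status, auth_body, unauth_status, unauth_body,
                       only_include=ONLY_INCLUDE_STATUS_CODE):
    """Flag the endpoint when the stripped request receives the same status (within the
    watched codes) and the same body as the authorized one: authorization was not enforced.
    The equality rule is an assumption of this example, not the extension's exact logic."""
    if auth_status not in only_include:
        return False
    return unauth_status == auth_status and unauth_body == auth_body


# Constructed sample requests (not captured traffic).
SAMPLE_GET = (
    "GET /admin/user/list?token=abc123&page=1 HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Cookie: session=deadbeef\r\n"
    "Authorization: Bearer eyJ.abc.def\r\n"
    "\r\n"
)
SAMPLE_POST = (
    "POST /admin/user/delete HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 19\r\n"
    "\r\n"
    "token=abc123&uid=42"
)

if __name__ == "__main__":
    for raw in (SAMPLE_GET, SAMPLE_POST):
        _, target, _, _ = parse_request(raw)
        if not is_filtered(target):
            print(build_unauth_request(raw))
    # Constructed responses: same 200 body with and without auth means the check fires.
    print(looks_unauthorized(200, '{"users":[1,2]}', 200, '{"users":[1,2]}'))
```

The comparison in looks_unauthorized is deliberately strict (identical status and body); in practice the README's show rspContent option exists so a tester can inspect near-identical bodies by eye, since a 200 with a different body (for example a login page) is the expected, secure outcome.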

Feedback

issues
