nccgroup / Burpsuitehttpsmuggler

Licence: agpl-3.0
A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

Programming Languages

java

Projects that are alternatives of or similar to Burpsuitehttpsmuggler

Cerberus
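A powerful vulnerability scanner. Subdomain brute-forcing uses aioDNS with fast asynchronous scanning via asyncio. It covers the full range of a target's assets for batch vulnerability scanning, collects middleware information, and automatically gathers IP proxies. When probing WAF information it automatically uses those proxies to protect the local machine's real IP, and after the local IP has been blocked by the WAF it automatically switches proxy IPs to continue scanning. WAF information collection (100+ domestic and international WAFs) includes SafeDog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud and others, with some known WAF bypass approaches provided. Middleware vulnerability detection (Thinkphp, weblogic, etc.; CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.). Supports SQL injection, XSS, command execution, file inclusion and SSRF vulnerability scanning, and supports custom vulnerability email push notifications.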
Stars: ✭ 389 (-26.47%)
Mutual labels:  waf, bypass
Burpsuite Collections
BurpSuite collection: including but not limited to Burp articles, cracked versions, plugins (non-BApp Store), Chinese localization and other related tutorials; contributions welcome---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+104.35%)
Mutual labels:  burpsuite, waf
Whatwaf
Detect and bypass web application firewalls and protection systems
Stars: ✭ 1,881 (+255.58%)
Mutual labels:  waf, bypass
BypassSuper
Bypass 403 or 401 or 404
Stars: ✭ 81 (-84.69%)
Mutual labels:  bypass, burpsuite
Hack
🔰Penetration testing resource library🔰Hacker tools🔰WikiLeaks files🔰Trojan antivirus evasion🔰Information security🔰Skill tree🔰Database leaks🔰
Stars: ✭ 460 (-13.04%)
Mutual labels:  burpsuite, bypass
Cloudbunny
CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye.
Stars: ✭ 273 (-48.39%)
Mutual labels:  waf, bypass
Naxsi
NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
Stars: ✭ 3,927 (+642.34%)
Mutual labels:  waf
Information collection handbook
Handbook of information collection for penetration testing and src
Stars: ✭ 447 (-15.5%)
Mutual labels:  bypass
Myscan
myscan passive scanning
Stars: ✭ 373 (-29.49%)
Mutual labels:  burpsuite
Bebasid
bebasid can help open web pages that are blocked by the Indonesian government by making use of the hosts file.
Stars: ✭ 372 (-29.68%)
Mutual labels:  bypass
Aws
A collection of bash shell scripts for automating various tasks with Amazon Web Services using the AWS CLI and jq.
Stars: ✭ 493 (-6.81%)
Mutual labels:  waf
Gtfobins.github.io
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
Stars: ✭ 6,030 (+1039.89%)
Mutual labels:  bypass
Awesome Nginx Security
🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingress Controller (based on NGINX)
Stars: ✭ 417 (-21.17%)
Mutual labels:  waf
Aes Killer
Burp plugin to decrypt AES Encrypted traffic of mobile apps on the fly
Stars: ✭ 446 (-15.69%)
Mutual labels:  burpsuite
Burpsuite Plugins Usage
Burpsuite-Plugins-Usage
Stars: ✭ 376 (-28.92%)
Mutual labels:  burpsuite
Burpsuite Secret finder
Burp Suite extension to discover apikeys/accesstokens and sensitive data from HTTP response.
Stars: ✭ 483 (-8.7%)
Mutual labels:  burpsuite
Kalirouter
intercepting kali router
Stars: ✭ 374 (-29.3%)
Mutual labels:  burpsuite
Hatcloud
discontinued
Stars: ✭ 418 (-20.98%)
Mutual labels:  bypass
Autorize
Automatic authorization enforcement detection extension for burp suite written in Jython developed by Barak Tawily in order to ease application security people work and allow them perform an automatic authorization tests
Stars: ✭ 406 (-23.25%)
Mutual labels:  burpsuite
Hae
HaE - BurpSuite Highlighter and Extractor
Stars: ✭ 397 (-24.95%)
Mutual labels:  burpsuite

Burp Suite HTTP Smuggler

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques. This extension has been developed by Soroush Dalili (@irsdl) from NCC Group.

The initial release (v0.1) supports only the Encoding capability, which can be quite complicated to perform manually. See the references for more details.

Future versions will include more techniques and possibly bug fixes.

Example Screenshots

AppSec EU 18 - example1

AppSec EU 18 - example2

References:

Released under AGPL v3.0; see LICENSE for more information.