JSON Web Token (JWT) support for Burp Intruder. This extension adds a payload processor for fuzzing JWT claims.
https://github.com/pinnace/burp-jwt-fuzzhelper-extension
Adds Google Translate to Burp's Context Menu. "Babel Fish" language translation for app-sec testing in other languages.
https://github.com/portswigger/burpelfish
virtualhost-payload-generator
BURP extension providing a set of values for the HTTP request "Host" header for the "BURP Intruder" in order to abuse virtual host resolution.
https://github.com/righettod/virtualhost-payload-generator
Extending fuzzing with BurpSuite by FAST
https://lab.wallarm.com/extending-fuzzing-with-burp-by-fast-f67d8b5d63e7
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
https://github.com/portswigger/turbo-intruder
Freddy the Serial(isation) Killer - Deserialization Bug Finder
https://github.com/portswigger/freddy-deserialization-bug-finder
Vulners Burp Suite Software vulnerability plugin update released
Vulners have updated Vulners Scanner plugin!
burpsuite (not official)
https://blog.fabiopires.pt/running-your-instance-of-burp-collaborator-server/
Deploy a private Burp Collaborator Server in Azure
https://medium.com/bugbountywriteup/deploy-a-private-burp-collaborator-server-in-azure-f0d932ae1d70
A short time ago, I had to set up a private Burp Collaborator Server to avoid possible leaks of my client's sensitive information. I want…
Uses UTF-8 to correctly edit and view different languages in requests and responses
https://github.com/pajswigger/utf8-message-editor
Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
https://github.com/RhinoSecurityLabs/SleuthQL
Intercepting traffic from Android Flutter applications
https://blog.nviso.be/2019/08/13/intercepting-traffic-from-android-flutter-applications/
Update: The explanation below explains the step for ARMv7. For ARMv8 (64bit), see this blogpost. ⚠️ Update August 2022 ⚠️ An update to this blog post was written and can be found here. It …
Cryptography in Python Burp Extensions
https://parsiya.net/blog/2018-12-24-cryptography-in-python-burp-extensions/
In this post, I will discuss a few tricks for creating Burp extensions in Python that deal with cryptography. Our example is a Burp extension that adds a new tab to decode and decrypt an application's traffic. This allows us to modify payloads on the fly…