{"id":13843366,"url":"https://github.com/BitTheByte/BitTraversal","last_synced_at":"2025-07-11T18:31:48.089Z","repository":{"id":109046799,"uuid":"327496396","full_name":"BitTheByte/BitTraversal","owner":"BitTheByte","description":"Burpsuite Plugin to detect Directory Traversal vulnerabilities","archived":false,"fork":false,"pushed_at":"2021-07-22T17:21:25.000Z","size":49,"stargazers_count":28,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-11-21T14:39:05.396Z","etag":null,"topics":["bugbounty","burp-extensions","burp-plugin","burpsuite","burpsuite-extender","java","path-traversal","traversal","web"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BitTheByte.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-01-07T03:49:55.000Z","updated_at":"2024-04-24T10:13:05.000Z","dependencies_parsed_at":"2023-04-05T23:33:25.862Z","dependency_job_id":null,"html_url":"https://github.com/BitTheByte/BitTraversal","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/BitTheByte/BitTraversal","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BitTheByte%2FBitTraversal","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BitTheByte%2FBitTraversal/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BitTheByte%2FBitTraversal/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BitTheByte%2FBitTraversal/man
ifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BitTheByte","download_url":"https://codeload.github.com/BitTheByte/BitTraversal/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BitTheByte%2FBitTraversal/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264870318,"owners_count":23676203,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","burp-extensions","burp-plugin","burpsuite","burpsuite-extender","java","path-traversal","traversal","web"],"created_at":"2024-08-04T17:02:00.993Z","updated_at":"2025-07-11T18:31:47.810Z","avatar_url":"https://github.com/BitTheByte.png","language":"Java","funding_links":[],"categories":["Java"],"sub_categories":[],"readme":"# BitTraversal - in development\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://twitter.com/BitTheByte\"\u003e\n      \u003cimg src=\"https://i.ibb.co/z6tf3Z2/unknown.png\" width=\"700\"\u003e\n    \u003c/a\u003e\n\u003c/p\u003e\n\n# Installation\n* Requirements\n   * Burp Suite \u003e= 1.7\n   * JVM Runtime \u003e= 1.8\n\n* Installation from GitHub\n   1) Download the latest release from GitHub: https://github.com/BitTheByte/BitTraversal/releases\n   2) In Burp Suite, navigate to `Extender \u003e Add`\n   3) Select the downloaded `.jar` file \n\n# Core Idea\nA Mutator runs against every request seen by Burp Suite (e.g. proxy, repeater, scanner), generating a number of potential URLs, each with a payload appended. These are passed to the Executor and Detector classes to determine whether one of the 
detection techniques was successful\n\nThis plugin uses two main techniques to identify directory traversal vulnerabilities\n* Detection Methods\n  1) Static Detection  \n  2) Dynamic Detection   \n  \n i) Uses predefined payloads specified at [payloads.list](https://github.com/BitTheByte/BitTraversal/blob/master/list/payloads.list), which are fetched at runtime from GitHub and matched against [regex.list](https://github.com/BitTheByte/BitTraversal/blob/master/list/regex.list)\n \n ii) Still in development. The aim is to detect requests that return the same response, such as `/static/css/main.css/` and `/static/../static/css/main.css`, with minimal false positives, and also to apply techniques similar to those found in `CVE-2020-5902` and `CVE-2020-15506`\n  \n# Papers\nhttps://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FBitTheByte%2FBitTraversal","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FBitTheByte%2FBitTraversal","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FBitTheByte%2FBitTraversal/lists"}