{"id":13380026,"url":"https://github.com/jiangsir404/Xss-Sql-Fuzz","last_synced_at":"2025-03-13T06:32:12.501Z","repository":{"id":202396556,"uuid":"160302170","full_name":"jiangsir404/Xss-Sql-Fuzz","owner":"jiangsir404","description":"burpsuite 插件对GP所有参数(过滤特殊参数)一键自动添加xss sql payload 进行fuzz","archived":false,"fork":false,"pushed_at":"2018-12-04T10:34:52.000Z","size":292,"stargazers_count":60,"open_issues_count":0,"forks_count":10,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-10-25T22:45:37.625Z","etag":null,"topics":["burp","burp-extensions","burpsuite","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jiangsir404.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2018-12-04T05:19:31.000Z","updated_at":"2024-08-12T19:43:45.000Z","dependencies_parsed_at":null,"dependency_job_id":"ef6ef276-3dc8-48f3-8edb-96085fc38151","html_url":"https://github.com/jiangsir404/Xss-Sql-Fuzz","commit_stats":null,"previous_names":["jiangsir404/xss-sql-fuzz"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jiangsir404%2FXss-Sql-Fuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jiangsir404%2FXss-Sql-Fuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jiangsir404%2FXss-Sql-Fuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jiangsir404%2FXss-Sql-Fuzz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jiangsir404","download_url":"https://codeload.github.com/jiangsir404/Xss-Sql-Fuzz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243357970,"owners_count":20277988,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp","burp-extensions","burpsuite","python"],"created_at":"2024-07-30T08:00:56.923Z","updated_at":"2025-03-13T06:32:12.209Z","avatar_url":"https://github.com/jiangsir404.png","language":"Python","funding_links":[],"categories":["Exploitation"],"sub_categories":["XSS Injection"],"readme":"## Xss-Sql-Fuzz\n\n一个burpsuite 插件 用来fuzz xss和sql注入, 可以对post,get 的所有参数一键自动添加上我们的payload.\n\n## Usage\nExtender-\u003eOption 添加jython包   \nExtender-\u003eExtensions-\u003eAdd 添加Xss-Sql-Fuzz.py 插件。\n\n## ToDO\n- [x] 对GET型参数添加payload\n- [x] 对POST型参数添加payload\n- [x] 对响应中的unicode 解码\n- [x] 对GET POST型中的一些特殊参数比如token,submit, code,sign，action这些参数，会自动进行模糊匹配跳过。\n- [x] 添加XFF头\n- [x] 添加Referer(基于host头)\n- [x] 对json格式的post数据进行处理\n- [ ] 生成json csrf 表单\n\n如果想自定义payload, 直接再代码里面改即可。\n\n\tmenuItem = ['addXFF','post fuzz1:x\\'\"\u003e\u003crivirtest\u003e','post fuzz2:\u003c/script\u003e\u003cimg+src=0+onerror=alert(1)\u003e','post fuzz3:\\'-sleep(3)-\\'','get fuzz1:x\\'\"\u003e\u003crivirtest\u003e',\n        'get fuzz2:\u003c/script\u003e\u003cimg+src=0+onerror=alert(1)\u003e','get fuzz3:\\'-sleep(3)-\\'']\n\npayload 如上，直接改冒号右边的payload即可生效，也可以自己添加菜单栏，添加格式: `get fuzz4:payload4`, `post fuzz4:payload4`\n\n\n![1.jpg](1.jpg)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjiangsir404%2FXss-Sql-Fuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjiangsir404%2FXss-Sql-Fuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjiangsir404%2FXss-Sql-Fuzz/lists"}