Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/PortSwigger/httpoxy-scanner
A Burp Suite extension that checks for the HTTPoxy vulnerability.
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/PortSwigger/httpoxy-scanner
- Owner: PortSwigger
- Created: 2016-10-21T15:37:20.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2021-08-25T15:10:38.000Z (about 3 years ago)
- Last Synced: 2024-07-30T20:30:53.264Z (3 months ago)
- Language: Java
- Size: 49.8 KB
- Stars: 87
- Watchers: 7
- Forks: 23
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Sample Burp Suite extension: Collaborator interactions
This example uses the [HTTPoxy](https://httpoxy.org/) vulnerability to
illustrate use of the Burp Collaborator. We generate URLs for a vulnerable
application to request, and find the vulnerability by asking the Collaborator
for interactions with those URLs.

A Collaborator context is used to generate payloads, and we send these in a
Proxy header during an active scan.

This example uses a simple server whose only task is to request URLs sent in
Proxy headers. It does not replicate the actual vulnerability; instead, it
serves as a simple illustration of the interactions that might occur with
the Collaborator.

This repository includes source code for Java, Python and Ruby. It also includes
a server (for NodeJS) to test the scan on.

After loading the extension, simply run an active scan against the local server.