Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/PortSwigger/httpoxy-scanner
A Burp Suite extension that checks for the HTTPoxy vulnerability.
https://github.com/PortSwigger/httpoxy-scanner
Last synced: about 2 months ago
JSON representation
A Burp Suite extension that checks for the HTTPoxy vulnerability.
- Host: GitHub
- URL: https://github.com/PortSwigger/httpoxy-scanner
- Owner: PortSwigger
- Created: 2016-10-21T15:37:20.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2021-08-25T15:10:38.000Z (over 3 years ago)
- Last Synced: 2024-11-06T23:17:47.071Z (about 2 months ago)
- Language: Java
- Size: 49.8 KB
- Stars: 88
- Watchers: 7
- Forks: 21
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Sample Burp Suite extension: Collaborator interactions
This example uses the [HTTPoxy](https://httpoxy.org/) vulnerability to
illustrate use of the Burp Collaborator. We generate URLs for a vulnerable
application to request, and find the vulnerability by asking the Collaborator
for interactions with those URLs.A collaborator context is used to generate payloads and we send these in a Proxy
header during an active scan.This example uses a simple server whose only task is to request URLs sent in
Proxy headers. It does not replicate the actual vulnerability but instead
prefers to be a simple illustration of the interactions that might occur with
the collaborator.This repository includes source code for Java, Python and Ruby. It also includes
a server (for NodeJS) to test the scan on.After loading the extension, you'll need to simply active scan the local server.