Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/burp-hash/burp-hash
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/burp-hash/burp-hash
- Owner: burp-hash
- License: mit
- Created: 2015-05-15T16:00:26.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2015-08-05T22:40:40.000Z (over 9 years ago)
- Last Synced: 2024-08-02T00:23:04.538Z (4 months ago)
- Language: Java
- Size: 6.78 MB
- Stars: 32
- Watchers: 7
- Forks: 10
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-burp-extensions - Burp Hash - Many applications will hash parameters such as ID numbers and email addresses for use in secure tokens, like session cookies. (Vulnerability Specific Extensions / Sensitive Data Exposure)
README
# burp-hash
Burp-hash is a Burp Suite plugin.
Many applications will hash parameters such as ID numbers and email addresses for use in secure tokens, like session cookies. The plugin passively scans requests looking for hashed values. Once a hashed value is found, it is compared to a table of parameters already observed in the application to find a match. The plugin keeps a lookout for parameters such as usernames, email addresses, and ID numbers. It also keeps a lookout for hashes (SHA, MD5, etc.). It hashes new data and compares the result to observed hashes. The user receives a notification if any hashes match. This automates the process of trying to guess common parameters used in the generation of hashes observed in an application.
Here is a brief video that explains the concept: https://youtu.be/KdgeipzmESE
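The matching loop described above, sketched as an added example (this is not burp-hash's own code). The names `HashMatcher`, `add_value`, `add_text` and the sample traffic are assumptions made for illustration, and only unsalted MD5, SHA-1, SHA-256 and SHA-512 digests of the raw value are tried.

```python
import hashlib
import re

# Hex digest length -> algorithm tried for tokens of that length (example subset).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
# A run of 32-128 hex characters that is not part of a longer hex run.
HEX_RUN = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{32,128}(?![0-9a-fA-F])")


class HashMatcher:
    """Tracks observed parameter values and hash-like tokens, in either order."""

    def __init__(self):
        self.digest_to_source = {}  # hex digest -> (algorithm, plaintext value)
        self.seen_hashes = set()    # hash-like tokens observed so far

    def add_value(self, value):
        """Hash a newly observed parameter; return matches with earlier tokens."""
        found = []
        for algo in ALGO_BY_HEX_LEN.values():
            digest = hashlib.new(algo, value.encode()).hexdigest()
            self.digest_to_source[digest] = (algo, value)
            if digest in self.seen_hashes:
                found.append((digest, algo, value))
        return found

    def add_text(self, text):
        """Extract hash-like tokens; return matches with earlier parameters."""
        found = []
        for token in HEX_RUN.findall(text):
            token = token.lower()
            if len(token) not in ALGO_BY_HEX_LEN:
                continue  # hex run whose length fits no digest we try
            self.seen_hashes.add(token)
            if token in self.digest_to_source:
                found.append((token, *self.digest_to_source[token]))
        return found


# Constructed sample traffic: a login parameter, then a cookie derived from it.
SAMPLE_EMAIL = "alice@example.com"
SAMPLE_COOKIE = "session=" + hashlib.sha1(SAMPLE_EMAIL.encode()).hexdigest()


def demo():
    matcher = HashMatcher()
    matcher.add_value(SAMPLE_EMAIL)  # parameter seen in an earlier request
    return matcher.add_text("Set-Cookie: " + SAMPLE_COOKIE)
```

A match means the token is an unsalted digest of a value already visible in the traffic, which is the condition the plugin notifies on.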
### Release
We are pleased to announce burp-hash has been accepted for [Black Hat USA Arsenal 2015](https://www.blackhat.com/us-15/arsenal.html#burp-hash). Following the presentation at Black Hat, the software will be released to the public here on GitHub.
### Created by
* [Scott Johnson](https://twitter.com/scottj)
* [Tim MalcomVetter](https://twitter.com/TeeEmmVee)
* [Matt South](https://twitter.com/themattymcfatty)

### [Download](https://github.com/burp-hash/burp-hash/releases/)