Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/certuscyber/bapp-certus
Last synced: 25 days ago
- Host: GitHub
- URL: https://github.com/certuscyber/bapp-certus
- Owner: certuscyber
- Created: 2023-05-02T14:07:10.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-05-16T16:17:17.000Z (over 1 year ago)
- Last Synced: 2024-08-04T00:06:11.685Z (4 months ago)
- Language: Python
- Size: 4.88 KB
- Stars: 0
- Watchers: 1
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-burp-extensions - Type Confusion Extension - This Burp Extension was created by Certus Cybersecurity to help find type confusion vulnerabilities in applications. (Vulnerability Specific Extensions / Type Confusion)
README
# README for Type Confusion Extension #
This Burp Extension was created by Certus Cybersecurity to help find type confusion vulnerabilities in applications.
### What is type confusion? ###
For more information, please refer to the blog post, which will be linked here soon.
### What is this extension for? ###
This extension complements Burp's active scanner by substituting integer and boolean JSON values with their string equivalents to check whether variable types are being validated on the server side.
Any JSON body in an HTTP request will be re-submitted with the string equivalent:
```
{
"id":34,
"name":"John",
"role":"basic",
"extended":false
}
```
Will be transformed to:
```
{
"id":"34",
"name":"John",
"role":"basic",
"extended":false
}
```
If the HTTP response is successful, it would indicate that variable types are not being checked on the server side.
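The server-side check this probe looks for, as an added example that is not the extension's own code: it builds the string-substituted bodies (one field per variant, an assumption based on the example above) and runs them through a strict validator and a coercing handler. The names `string_variants`, `SCHEMA`, `strict_validate` and `lax_handler` are hypothetical, and the code targets Python 3 rather than Jython.

```python
import json

# Constructed sample body, same shape as the README's example.
SAMPLE = '{"id":34,"name":"John","role":"basic","extended":false}'

def string_variants(body):
    """Yield (field, mutated_body), one int/bool top-level field stringified per variant."""
    obj = json.loads(body)
    for key, value in obj.items():
        # bool is a subclass of int in Python, so test for it first.
        if isinstance(value, bool):
            text = "true" if value else "false"
        elif isinstance(value, int):
            text = str(value)
        else:
            continue
        mutated = dict(obj)
        mutated[key] = text
        yield key, json.dumps(mutated, separators=(",", ":"))

# Hypothetical server-side schema: field name -> exact expected type.
SCHEMA = {"id": int, "name": str, "role": str, "extended": bool}

def strict_validate(body):
    """Return a list of type errors; an empty list means the body is accepted."""
    obj = json.loads(body)
    errors = []
    for key, expected in SCHEMA.items():
        value = obj.get(key)
        # type() rather than isinstance() so that True is not accepted as an int.
        if type(value) is not expected:
            errors.append("%s: expected %s, got %s"
                          % (key, expected.__name__, type(value).__name__))
    return errors

def lax_handler(body):
    """Coercing handler: accepts "34" for 34, so the probe gets a successful response."""
    obj = json.loads(body)
    return {"id": int(obj["id"]), "extended": obj["extended"] in (True, "true")}

if __name__ == "__main__":
    for field, mutated in string_variants(SAMPLE):
        print(field, mutated, strict_validate(mutated), lax_handler(mutated))
```

A handler built like `strict_validate` would answer each variant with an error, while one built like `lax_handler` returns the same result as for the original body, which is the successful response the extension reports on.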
### How do I get set up? ###
Ensure the Jython standalone JAR file is attached to Burp, then import the extension.py file.
### Who do I talk to? ###
Use GitHub issues to raise any problems.
Contributions and feature requests are welcome.