Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/codewatchorg/Burp-IndicatorsOfVulnerability
Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/codewatchorg/Burp-IndicatorsOfVulnerability
- Owner: codewatchorg
- License: bsd-2-clause
- Created: 2020-01-10T14:44:03.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2022-12-23T19:34:51.000Z (about 2 years ago)
- Last Synced: 2024-08-04T00:04:17.180Z (6 months ago)
- Language: Java
- Size: 1.21 MB
- Stars: 39
- Watchers: 8
- Forks: 12
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-burp-extensions - Burp-IndicatorsOfVulnerability - Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack (Custom Features)
README
# Burp-IndicatorsOfVulnerability
Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack.

The extension checks the following things:
1. Application response bodies for specific strings that indicate a vulnerability is present, such as error output indicative of SQLi, serialization issues, XXE issues, etc.
2. Application requests in the URL and Body for potential targets of SSRF/LFI/RFI/Directory Traversal/URL Injection attack.
3. Application requests and responses in URLs, bodies, and headers for AWS S3 buckets/Azure Storage containers/Google storage containers.
4. Application requests for parameters that might indicate targets for other common attack vectors (similar to HUNT).
5. Application responses for potential leaking of secrets.

Usage
=====
All you have to do is add the JAR as an extension in Burp and add the targets in which you want to identify issues to your scope; the extension will then monitor all Burp traffic.

Future
======
Continue adding and improving the matches, and add a tab to create your own.