Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/dobin/BurpSentinel

GUI Burp Plugin to ease discovering of security holes in web applications

Last synced: 3 months ago

# Burp Sentinel

Eases discovery of common security holes in web applications.

* Intro / tutorial: https://github.com/dobin/BurpSentinel/wiki/BurpSentinel---HowTo-and-introduction
* Blog: http://dobin.github.io/

With BurpSentinel, the penetration tester can quickly and easily send a lot of
malicious requests to the parameters of an HTTP request. It also shows a lot of
information about the HTTP responses corresponding to the attack requests. This
makes it easy to find low-hanging fruit and hidden vulnerabilities, and allows
the tester to focus on more important stuff!

## Features

* Attack payloads already inside
* Identification of reflected XSS and stored XSS
* Identification of SQL injections (non-blind)
* Indicators and visual aid for the user to identify blind/fullblind SQL injections
* Diff original and modified requests easily

## Other

What it cannot do:
* Find DOM Injections
* Exploit vulnerabilities

Alternatives:
* Ironwasp (www.ironwasp.org, .NET)
* Wfuzz (www.edge-security.com/wfuzz.php, Python)