https://github.com/dobin/burpsentinel
GUI Burp Plugin to ease discovering of security holes in web applications
Last synced: 11 months ago
- Host: GitHub
- URL: https://github.com/dobin/burpsentinel
- Owner: dobin
- License: gpl-3.0
- Created: 2013-05-27T19:02:08.000Z (about 13 years ago)
- Default Branch: master
- Last Pushed: 2017-03-26T14:14:45.000Z (about 9 years ago)
- Last Synced: 2024-11-09T05:34:59.697Z (over 1 year ago)
- Language: Java
- Homepage: https://github.com/dobin/BurpSentinel/wiki
- Size: 16.2 MB
- Stars: 147
- Watchers: 19
- Forks: 33
- Open Issues: 17
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
- awesome-burp-suite - **90** stars
README
# Burp Sentinel
Eases discovery of common security holes in web applications.
* Intro / tutorial: https://github.com/dobin/BurpSentinel/wiki/BurpSentinel---HowTo-and-introduction
* Blog: http://dobin.github.io/
With BurpSentinel, the penetration tester can quickly and easily send a large
number of malicious requests to the parameters of an HTTP request. It also shows
a lot of information about the HTTP responses that correspond to the attack
requests. This makes it easy to find low-hanging fruit and hidden vulnerabilities,
and allows the tester to focus on more important work!
## Features
* Attack payloads already inside
* Identification of reflected and stored XSS
* Identification of SQL injections (non-blind)
* Indicators and visual aid for the user to identify blind/fullblind SQL injections
* Diff original and modified requests easily
## Other
What it cannot do:
* Find DOM Injections
* Exploit vulnerabilities
Alternatives:
* Ironwasp (www.ironwasp.org, .NET)
* Wfuzz (www.edge-security.com/wfuzz.php, Python)