https://github.com/guguyu1/IDOR-bypass-fuzz

IDOR bypass fuzz 权限绕过burp 插件 fuzz （shiro 等）
https://github.com/guguyu1/IDOR-bypass-fuzz

Last synced: 5 months ago
JSON representation

IDOR bypass fuzz 权限绕过burp 插件 fuzz （shiro 等）

• Host: GitHub
• URL: https://github.com/guguyu1/IDOR-bypass-fuzz
• Owner: guguyu1
• Created: 2021-08-30T05:16:26.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2021-09-01T06:04:03.000Z (over 3 years ago)
• Last Synced: 2024-08-05T17:44:44.273Z (9 months ago)
• Language: Python
• Size: 17.6 KB
• Stars: 25
• Watchers: 1
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - guguyu1/IDOR-bypass-fuzz - IDOR bypass fuzz 权限绕过burp 插件 fuzz （shiro 等） (Python)

README

        
# IDOR-bypass-fuzz

IDOR bypass fuzz 权限绕过burp 插件 fuzz （shiro 等）

具体实现：获取所有code:200,302请求, 全部去掉cookie进行请求, 返回码除了200全部进行IDOR fuzz测试,出现返回code:200输出payload。

![image](https://user-images.githubusercontent.com/50195525/131288882-17babc23-4c79-49bb-a6f8-63ed6aa7b86b.png)

在shiro权限绕过的基础上，又添加了一下fuzz payload, fuzz一下更健康。

![image](https://user-images.githubusercontent.com/50195525/131289016-194b9b5f-ca3d-42a7-b244-5c4b70fcbcf5.png)

在https://github.com/sting8k/BurpSuite_403Bypasser 基础上进行的更改。