Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nccgroup/BurpSuiteHTTPSmuggler

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
https://github.com/nccgroup/BurpSuiteHTTPSmuggler

burpsuite burpsuite-extender bypass waf

Last synced: 3 months ago
JSON representation

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques

Host: GitHub
URL: https://github.com/nccgroup/BurpSuiteHTTPSmuggler
Owner: nccgroup
License: agpl-3.0
Created: 2018-07-03T07:47:58.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2019-05-04T06:15:42.000Z (over 5 years ago)
Last Synced: 2024-04-14T21:07:37.250Z (7 months ago)
Topics: burpsuite, burpsuite-extender, bypass, waf
Language: Java
Homepage:
Size: 2.6 MB
Stars: 683
Watchers: 28
Forks: 110
Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG
- License: LICENSE

Awesome Lists containing this project

awesome-rainmana - nccgroup/BurpSuiteHTTPSmuggler - A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques (Java)
WebHackersWeapons - BurpSuiteHTTPSmuggler
awesome-burp-extensions - BurpSuiteHTTPSmuggler - A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques. (Web Application Firewall Evasion / SSRF)
awesome-hacking-lists - nccgroup/BurpSuiteHTTPSmuggler - A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques (Java)

README

# Burp Suite HTTP Smuggler
A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques.
This extension has been developed by Soroush Dalili (@irsdl) from NCC Group.

The initial release (v0.1) only supports the Encoding capability that can be quite complicated to be performed manually.
See the references for more details.

Next versions will include more techniques and possible bug fixes.
# Example Screenshots
![AppSec EU 18 - example1](screenshots/AppSecEU18-example1.jpg?raw=true "AppSec EU 18 - example1")

![AppSec EU 18 - example2](screenshots/AppSecEU18-example2.jpg?raw=true "AppSec EU 18 - example2")

# References:
* https://appseceurope2018a.sched.com/event/EgXc/waf-bypass-techniques-using-http-standard-and-web-servers-behavior
* https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/request-encoding-to-bypass-web-application-firewalls/
* https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/september/rare-aspnet-request-validation-bypass-using-request-encoding/

Released under AGPL v3.0 see LICENSE for more information