Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nccgroup/burpsuitehttpsmuggler
A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
https://github.com/nccgroup/burpsuitehttpsmuggler
burpsuite burpsuite-extender bypass waf
Last synced: about 17 hours ago
JSON representation
A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
- Host: GitHub
- URL: https://github.com/nccgroup/burpsuitehttpsmuggler
- Owner: nccgroup
- License: agpl-3.0
- Created: 2018-07-03T07:47:58.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2019-05-04T06:15:42.000Z (over 5 years ago)
- Last Synced: 2024-04-14T21:07:37.250Z (7 months ago)
- Topics: burpsuite, burpsuite-extender, bypass, waf
- Language: Java
- Homepage:
- Size: 2.6 MB
- Stars: 683
- Watchers: 28
- Forks: 110
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG
- License: LICENSE
Awesome Lists containing this project
README
# Burp Suite HTTP Smuggler
A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques.
This extension has been developed by Soroush Dalili (@irsdl) from NCC Group.
The initial release (v0.1) only supports the Encoding capability that can be quite complicated to be performed manually.
See the references for more details.
Next versions will include more techniques and possible bug fixes.
# Example Screenshots
# References:
* https://appseceurope2018a.sched.com/event/EgXc/waf-bypass-techniques-using-http-standard-and-web-servers-behavior
* https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/request-encoding-to-bypass-web-application-firewalls/
* https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/september/rare-aspnet-request-validation-bypass-using-request-encoding/
Released under AGPL v3.0 see LICENSE for more information