dobin / burpsentinel
GUI Burp plugin to ease the discovery of security holes in web applications
Home Page: https://github.com/dobin/BurpSentinel/wiki
License: GNU General Public License v3.0
Deprecated Extender API: registerMenuItem()
On installing, I'm getting the following error on my Burp Suite v2022.12.4:
java.lang.Exception: Extension class is not a recognized type
at burp.ao0.M(Unknown Source)
at burp.ao0.l(Unknown Source)
at burp.wf8.t(Unknown Source)
at burp.cci.o(Unknown Source)
at burp.can.lambda$panelLoaded$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:833)
When scanning, hide all answers which are identical to the original response.
Or: Tag it
Optional: Make it optional
Also, for SQLi a payload 'or 1=1 is definitely missing; otherwise it will miss every auth bypass. But that is taken care of with a configurable payload list anyway.
Add or not?
Otherwise, usability: while the test is still running and I'm looking at the first response, the response window keeps getting rebuilt or scrolled to the very top as soon as another response arrives.
Fix window
Oh, and maybe for status code 500 and page title "Server Error" something should be displayed indicating that it should be checked manually.
Wontfix.
The Categorizer window can no longer be closed :)
Usability: Should be possible to close the window with the standard windowmanager controls.
So Sentinel seems to just stop working in the attack sections. One or two URLs work fine and then it just stops and I need to reopen Burp again. It is a tiny bit annoying. Anyone else encountering this, and is there a solution?
Attacks should not be selected per-parameter, but overall (also not per-request). Attacking a parameter should use the attacks specified in the overall configuration.
The "HTML Errors" indicator sometimes appears, which means there are HTML differences.
But there is no output ("Error message") in the tooltip.
The indicator should only appear:
Make a menu option for right-click on a response:
"Hide requests with identical response"
("Hide requests with similar response")
From burp release:
There are new settings to enable session handling rules to be in scope for the Extender tool, and to update Burp's cookie jar based on traffic via Extender, allowing requests made by extensions to be fully integrated with Burp's session handling mechanisms.
Integrate with sentinel session handling.
URLDecode the attack param on tooltip, so we can know what was exactly sent.
Insert {} stuff
Implement #22 in burp history
Release new version into the burp app store
First request takes 10+ seconds, then it's fast.
There is no scrolling available for the resource list (top of Sentinel).
User is required to move other parts of the window around to list all interesting resources.
"æ" gets sent, which is ASCII e6.
Maybe also add some UTF8/16/LE/BE/... strings.
Write a tutorial with all features (e.g. persistent XSS).
Either with GIFs, or as a video.
Color the attacks in panelright.
Click on several attacks in panelright -> right-click -> copy: should nicely copy the attacks into the clipboard.
While scanning, the top panel should not be rebuilt every time a message is added, as it becomes unusable.
The selection of requests does not work reliably while scanning. (rightpanel)
Hi,
I am running a test with Sentinel looking for SQL injections. The website returns a .NET SQL Exception error which is clearly injectable. However, Sentinel only informs me about the errors. Is it possible to customize how SQL injections are detected, for example by looking for a specific keyword? If yes, can it be made configurable?
Thanks