
nizernizer / galaxy

This project forked from outlaws-bai/galaxy


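A Burp plugin whose main function is to automatically decrypt HTTP messages that carry a second layer of encryption, so that Burp displays them in plaintext.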

License: Apache License 2.0

JavaScript 2.61% Python 2.38% Java 95.01%

galaxy's Introduction

Galaxy

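A Burp plugin whose main function is to automatically decrypt HTTP messages in scenarios where the HTTP message carries a second layer of encryption, so that Burp displays the plaintext message.

Features

Http Hook

Developed with Burp's new Montoya API, from which four stages are extracted. You can implement the handling logic for the four stages in Python, JS, Java, or gRPC to meet your needs.

The project ships with a variety of built-in encryption/decryption rules, so common algorithms work out of the box.

Learn more: Detail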


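Other features

  1. Parse Swagger Api Doc: parses a Swagger document and generates a request for every URL, filling in parameters, paths, and descriptions. Requests can optionally be sent automatically.
  2. Bypass Host Check: bypasses server-side validation of the host at CSRF/SSRF test points.
  3. Bypass Auth Of Path: bypasses certain authentication/authorization/interception mechanisms by modifying the path.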

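Installation guide

Plugin download: Download

Plugin installation: Extender -> Extensions -> Add -> Select File -> Next

Build it yourself: build.gradle -> shadowJar

Notes:

  1. The project is developed with the Burp Montoya API; the Burp version must be no lower than v2023.10.3.7. Update
  2. The project is developed and compiled with JDK 17; make sure the JDK used to launch Burp is no lower than 17. Update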

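Advantages

  1. Simple and efficient: users do not need to start any extra local service; once configured, messages are encrypted and decrypted automatically.
  2. Easy to get started: examples already exist for common algorithms, so they work out of the box.
  3. Flexible: the logic can be implemented in Python, JS, Java, or gRPC to meet your needs.
  4. Broad coverage: combinations of encryption algorithms, custom algorithms, dynamic keys, and similar cases are all supported.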

Next

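  1. Support use alongside desktop scanners, so that the scanner can scan plaintext requests and receive plaintext responses.
  2. Propose a usage method for scenarios involving asymmetric encryption (where the private key is not known).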

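Discussion

Looking forward to your star, if this project is helpful to you ~

If you find a bug or have a good suggestion, feel free to open an Issue on GitHub or scan the QR code to join the WeChat group below for discussion.

(If the QR code has expired, add the WeChat ID outlaws_bai with the note "Galaxy交流" (Galaxy discussion).)

Useful links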

BurpDownload

BurpJavaDoc

BurpExtExamples

JDK17Download
