GithubHelp home page GithubHelp logo

burpplugin's Introduction

BurpPlugin

我个人使用burp的一些标配插件。

破解

关于burp破解可以直接用大佬的注册机,程序直接下官方的原版就行,网上教程多这里不再bb。
https://portswigger.net/burp/releases
https://github.com/TrojanAZhen/BurpSuitePro-2.1

插件

根据个人需求来装。

Shelling

https://github.com/ewilded/shelling

跑命令执行代码执行

ActiveScan++

商店下载

J2EEScan

商店下载

Reflector

下载地址:https://github.com/elkokc/reflector

通过设置Content-Type, 我们可以快速找到请求中的参数哪个被返回到回显的Body。

BurpJSLinkFinder

下载地址:https://github.com/InitRoot/BurpJSLinkFinder

Hack Bar

下载地址:https://github.com/d3vilbug/HackBar

不用说

SSRF-King

下载地址:https://github.com/ethicalhackingplayground/ssrf-king

支持扫描和自动发现SSRF漏洞。

burp-sensive-param-extractor

下载地址:https://github.com/theLSA/burp-sensitive-param-extractor
检测敏感参数

Burp-unauth-checker

下载地址:https://github.com/theLSA/burp-unauth-checker
检测未授权

FastjsonScan

下载地址:https://github.com/zilong3033/fastjsonScan

不多说

BurpShiroPassiveScan

下载地址:https://github.com/pmiaowu/BurpShiroPassiveScan

自动检测Shiro+发现密钥,不依赖dnslog来检查。

HaE

下载地址:https://github.com/gh0stkey/HaE

用于高亮特征和定位敏感信息

Unexpected information

下载地址:https://github.com/ScriptKid-Beta/Unexpected_information

用于高亮特征和定位敏感信息和HaE一样,我用的这个,HaE也不错

JSONBeautifier

美化json

JSON decoder

商店有,美化json。新版本用来替代JSONBeautifier。但是我还是喜欢用JSONBeautifier。

403Bypasser

下载地址:https://github.com/sting8k/BurpSuite_403Bypasser
用各种姿势来绕过403访问

LFI+scanner+checks

扫描LFI的,找不到地址了

sqlmap4burp++

下载地址:https://github.com/c0ny1/sqlmap4burp-plus-plus
联动sqlmap

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.