Skip to content

Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack

License

Notifications You must be signed in to change notification settings

codewatchorg/Burp-IndicatorsOfVulnerability

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Burp-IndicatorsOfVulnerability

Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack

The extension checks the following things:

  1. Application response bodies for specific strings that indicate a vulnerability is present, such as error output indicative of SQLi, Serialization issues, XXE issues, etc, and
  2. Application requests in the URL and Body for potential targets of SSRF/LFI/RFI/Directory Traversal/URL Injection attack.
  3. Application requests and responses in URLs, bodies, and headers for AWS S3 buckets/Azure Storage containers/Google storage containers.
  4. Application requests for parameters that might indicate targets for other common attack vectors (similar to HUNT).
  5. Application responses for potential leaking of secrets.

Usage

All you have to do is add the JAR as an extension in Burp, add the targets to your scope in which you want to identify issues, and then it will monitor all Burp traffic.

Future

Continue adding and improving the matches as well as add a tab to create your own.

About

Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages