SecPriv / cookiecrumbles
Cookie Crumbles: Breaking and Fixing Web Session Integrity
☆23 · Updated last year
Related projects:
- A collection of Server-Side Prototype Pollution gadgets and exploits ☆124 · Updated 3 weeks ago
- Unsecure time-based secret exploitation and Sandwich attack implementation Resources ☆110 · Updated last month
- PP-finder helps you find gadgets for prototype pollution exploitation ☆127 · Updated last month
- ☆83 · Updated 9 months ago
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters sent to a target application a… ☆151 · Updated 3 weeks ago
- ☆56 · Updated last month
- ☆143 · Updated last year
- This tool tries to find interesting stuff inside static files; mainly JavaScript and JSON files. ☆54 · Updated last year
- GQLSpection - parses GraphQL introspection schema and generates possible queries ☆67 · Updated 2 months ago
- A rapid HTTP downgrade smuggling scanner written in Go. ☆242 · Updated 4 months ago
- This repository stores some of my custom BCheck Scan configurations. Its goal is to identify intriguing elements that warrant further man… ☆86 · Updated 7 months ago
- Unofficial documentation for the great tool Param Miner ☆169 · Updated 2 years ago
- CSPT is an open-source Burp Suite extension to find and exploit Client-Side Path Traversal. ☆80 · Updated 2 months ago
- SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens ☆134 · Updated 3 months ago
- A PoC code for JSON Smuggling technique to smuggle arbitrary files through JSON ☆112 · Updated 5 months ago
- Useful configurations for the DomLogger++ extension ☆23 · Updated last week
- A tool to inspect and attack version 1 GUIDs ☆206 · Updated last year
- Searcher for cross-site leaks (XS-Leaks) ☆81 · Updated last year
- ☆81 · Updated 2 months ago
- A GraphQL enumeration and extraction tool ☆127 · Updated last year
- Some tips for Bug Bounty using LibreOffice ☆28 · Updated 2 months ago
- TheThing: an open-source tool to detect DOM Clobbering vulnerabilities ☆38 · Updated 10 months ago
- A Chrome/Firefox extension to retrieve and load React JavaScript chunks all at once for a wide range of JavaScript techs ☆60 · Updated 2 months ago
- Bambdas collection for Burp Suite Professional and Community. ☆193 · Updated last month
- EvenBetter is a frontend Caido plugin that makes the Caido experience even better 😎 ☆124 · Updated 2 weeks ago
- Finds GraphQL queries in JavaScript files ☆56 · Updated 4 months ago
- A Python-based minimal DNS server to test/verify DNS rebinding attacks ☆30 · Updated last year
- 🛠️ Workflows created by the community ☆56 · Updated last month
- DOM Clobbering Wiki, Browser Testing, and Payload Generation ☆43 · Updated 9 months ago
- Golang tool which helps dropping the irrelevant entries from your ffuf result file. ☆129 · Updated this week
- Here I will post my writeups :) ☆31 · Updated last year