bao7uo / waf-cookie-fetcher
WAF Cookie Fetcher is a Burp Suite extension written in Python, which uses a headless browser to obtain the values of WAF-injected cookies which are calculated in the browser by client-side JavaScript code and adds them to Burp's cookie jar. Requires PhantomJS.
☆16Updated 6 years ago
Related projects ⓘ
Alternatives and complementary repositories for waf-cookie-fetcher
- A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. __…☆12Updated 9 years ago
- Burp extension for automated handling of CSRF tokens☆16Updated 6 years ago
- Collection of different exploitation scenarios of JWT.☆21Updated 3 years ago
- burp extender for fuzzing☆10Updated 6 years ago
- Everything about xss protection technology☆15Updated 5 years ago
- So many shells in so little time☆10Updated 5 years ago
- Parse X509 certificates to get the (sub)domains in it.☆28Updated 6 years ago
- Abusing SketchUp to make persistence on Windows☆20Updated 5 years ago
- String or worldlist encoder for use in fuzzing or web application testing☆17Updated 5 years ago
- It becomes the extension of Burp suite. The cookie set by the BipIP server may include a private IP, which is an extension to detect tha…☆15Updated 5 months ago
- Python crawler for remote Windows shares☆12Updated 8 years ago
- Python tool for expired domain discovery in crossdomain.xml files☆22Updated 7 years ago
- Merge results from NMAP and Masscan into one CSV file☆18Updated 6 years ago
- ☆20Updated 4 years ago
- The Recon scanning tool scans websites for open files & directories specified in the custom config file. Default server configuration fil…☆15Updated 6 years ago
- A bunch of tricks and configs to configure a work environment for web pentesting☆12Updated 6 years ago
- Useful Windows and AD tools☆15Updated 2 years ago
- A playground to practice SSRF Attacks against web apps☆17Updated 6 years ago
- ☆13Updated 2 years ago
- A tool that can help detect and takeover subdomains with dead DNS records☆12Updated 6 years ago
- Security Advisories☆10Updated 5 years ago
- Finally, reverse/bind shells written in python, encrypted with ssl!☆38Updated 5 years ago
- RCE Exploit PoC for Spring based RESTFul APIs using XStream as Unmarshaler☆20Updated 10 years ago
- "HeaderScan" Burp Plugin☆17Updated 10 years ago
- A multi-threaded scanner that helps identify CORS flaws/misconfigurations☆18Updated 4 years ago
- eXtremely fast data eXtraction via blind SQL injection☆14Updated 12 years ago
- A Flexible Web Shell Client, Built on Electron☆13Updated last year