Bypassing-Web-Application-Firewalls-And-XSS-Filters A series of python scripts for generating weird character combinations and lists for BurpSuite Pro for bypassing web application firewalls (WAF) and XSS filters. These python scripts have been created to fuzz wierd combinations: URL Escape Characters HTML Escape Characters Binary …
☆145Oct 2, 2020Updated 5 years ago
Alternatives and similar repositories for Bypass-Web-Application-Firewalls
Users that are interested in Bypass-Web-Application-Firewalls are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Subvenkon is a subdomain enumerator from Venkon☆22Jun 22, 2020Updated 5 years ago
- A Burpsuite extension written in Python to perform basic validation fuzzing☆11Oct 7, 2022Updated 3 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,482Oct 12, 2024Updated last year
- ☆27Mar 18, 2020Updated 6 years ago
- A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)☆679Jan 28, 2024Updated 2 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Extract relative urls from a heap snapshot☆87May 30, 2021Updated 4 years ago
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,787Apr 26, 2024Updated last year
- Tools and resources for web app hacking. The payloads.txt documents are a must have for your Burpsuite intruder payload armory. They've h…☆28Jun 10, 2019Updated 6 years ago
- CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.☆136Sep 25, 2019Updated 6 years ago
- HTML5 Training material for Attack and Secure training sessions.☆43Feb 25, 2023Updated 3 years ago
- HackBar plugin for Burpsuite☆1,619Apr 15, 2021Updated 4 years ago
- Exploits for some of the vulnerabilities I have discovered☆19Aug 3, 2020Updated 5 years ago
- Repository contains an online education portal filled with web vulnerabilities.☆21Jan 3, 2020Updated 6 years ago
- ☆11Aug 27, 2020Updated 5 years ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- Ghazi is a BurpSuite Plugins For Testing various PayLoads Like "XSS,SQLi,SSTI,SSRF,RCE and LFI" through Different tabs , Where Each Tab W…☆107Feb 11, 2019Updated 7 years ago
- Collection of Bug Bounty Tips☆65Dec 10, 2019Updated 6 years ago
- 便捷地使用PostgreSQL自定义函数来执行系统命令,适用于数据库管理员知道postgres密码却不知道ssh或RDP密码的时候在服务器执行系统命令。☆55Mar 10, 2020Updated 6 years ago
- Java After-Deserialization Attack☆79Apr 26, 2021Updated 4 years ago
- Standalone version of my AES Powershell payload for Cobalt Strike.☆111Dec 27, 2019Updated 6 years ago
- A pyhon script to do port scan via weblogic uuid☆10Oct 1, 2020Updated 5 years ago
- Shiro_721 exp 纯手工实现Padding Oracle整个过程☆67Nov 20, 2019Updated 6 years ago
- Keep track of changes in website with WEBSY☆35May 22, 2023Updated 2 years ago
- ☆162Dec 7, 2017Updated 8 years ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- List out all of payload for security testing☆25May 2, 2022Updated 3 years ago
- A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…☆3,907Sep 27, 2021Updated 4 years ago
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆212May 19, 2020Updated 5 years ago
- Quick SQLMap Tamper Suggester☆1,399Jul 18, 2022Updated 3 years ago
- Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SS…☆174Nov 11, 2020Updated 5 years ago
- HTTP parameter discovery suite.☆93Apr 16, 2020Updated 5 years ago
- ☆13Jul 12, 2021Updated 4 years ago
- BurpSuite extension to inject custom cross-site scripting payloads on every form/request submitted to detect blind XSS vulnerabilities☆118Dec 23, 2025Updated 3 months ago
- Everything you need about Burp Extension Generation☆157Jan 6, 2023Updated 3 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Zimbra XXE+SSRF+UPLOAD Poc☆59Jun 25, 2019Updated 6 years ago
- DOM XSS scanner for Single Page Applications☆414Nov 15, 2025Updated 4 months ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆303Feb 12, 2023Updated 3 years ago
- Exploit and detect tools for CVE-2020-0688☆356Mar 21, 2020Updated 6 years ago
- CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4☆68Feb 3, 2020Updated 6 years ago
- 通过BurpSuite来构建自己的爆破字典,可以通过字典爆破来发现隐藏资产。☆502Jan 30, 2024Updated 2 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆612Mar 4, 2021Updated 5 years ago