federicodotta / Burp-Suite-Extender-Montoya-Course
This repository contains all the examples related to a series of tutorials that demonstrate how to use the new Montoya API of Burp Suite to create extensions that will greatly simplify our pentester lives.
☆33Updated last month
Related projects: ⓘ
- This tool tries to find interesting stuff inside static files; mainly JavaScript and JSON files.☆54Updated last year
- Gopher Tomcat Deployer☆47Updated 5 years ago
- Utility for creating ZipSlip archives☆66Updated last year
- ☆22Updated last year
- Burp extension to generate multi-step CSRF POC.☆29Updated 4 years ago
- ☆64Updated 2 years ago
- BurpSuite extension to convert requests into bcheck scripts☆30Updated last year
- Perform TE.CL HTTP Request Smuggling attacks by crafting HTTP Request automatically.☆67Updated 2 years ago
- Additional nuclei templates☆31Updated 11 months ago
- ☆54Updated last year
- Find sources and sinks in js code that could lead to DOM XSS 🔎💧🚰☆21Updated 6 months ago
- Burp Bounty profiles☆82Updated 2 years ago
- Improve automated and semi-automated active scanning in Burp Pro☆60Updated 2 years ago
- Messy BurpSuite plugin for SQL Truncation vulnerabilities.☆61Updated 4 years ago
- Dependency Confusion Security Testing Tool☆39Updated 2 years ago
- Burp Suite plugin to copy regex matches from selected requests and/or responses to the clipboard.☆33Updated 2 years ago
- Burp extension to filter JSON on the fly with JQ queries in the HTTP message viewer.☆42Updated 3 years ago
- NotSoCereal: A Deserialization exploit playground☆48Updated 2 years ago
- ☆13Updated 2 weeks ago
- Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the Repeater using Python 3 scripts.☆51Updated 3 months ago
- A command-line tool for Cross-Site WebSocket Hijacking☆39Updated 11 months ago
- A Burp Suite extension which augments your proxy traffic by injecting log4shell payloads into headers☆42Updated 2 years ago
- Burp Extension that lets you use Burp Collaborator as a DNS server for exfiltrating data via Sqlmap☆36Updated 2 years ago
- Spring4Shell Burp Scanner☆65Updated 2 years ago
- Authenticated SSRF in Grafana☆76Updated 2 months ago
- ☆35Updated 4 years ago
- A simple Swagger-ui scanner that can detect old versions vulnerable to various XSS attacks☆53Updated 5 years ago
- Modified Nuclei Templates Version to FUZZ Host Header☆48Updated 2 years ago
- A tampered payload generator to Fuzz Web Application Firewalls☆34Updated 4 years ago