ivision-research / burpscript
☆55Updated 2 months ago
Related projects: ⓘ
- A project for fuzzing HTTP/1.1 CL.0 Request Smuggling Attack Vectors☆84Updated 7 months ago
- Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the Repeater using Python 3 scripts.☆51Updated 3 months ago
- A simple mutator engine which focuses on finding unknown classes of injection vulnerabilities☆63Updated 6 months ago
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application a…☆151Updated 3 weeks ago
- SignSaboteur is a Burp Suite extension for editing, signing, verifying various signed web tokens☆134Updated 3 months ago
- Burp Extension to add additional functionality for pentesting websocket based applications☆80Updated 3 months ago
- Additional resources for leaking and exploiting ObjRefs via HTTP .NET Remoting (CVE-2024-29059)☆84Updated 5 months ago
- 😹 Tomcter is a python tool developed to bruteforce Apache Tomcat manager login with default credentials.☆100Updated 6 months ago
- An extension to use Semgrep inside Burp Suite.☆86Updated last year
- ☆74Updated 4 months ago
- ☆50Updated last week
- A PoC code for JSON Smuggling technique to smuggle arbitrary files through JSON☆112Updated 5 months ago
- Updated version of the ProtoBurp Extension, with enhanced features and capabilities to encode and fuzz custom protobuf messages☆35Updated last year
- This repository offers insights and a proof-of-concept tool to exploit two significant deserialization vulnerabilities in Inductive Autom…☆44Updated 8 months ago
- Burp Suite's extension to scan and crawl Single Page Applications☆99Updated last year
- A rapid HTTP downgrade smuggling scanner written in Go.☆242Updated 4 months ago
- ☆39Updated 4 months ago
- Exploit for CVE-2024-20767 - Adobe ColdFusion☆33Updated 5 months ago
- This repository contains all the examples related to a series of tutorials that demonstrate how to use the new Montoya API of Burp Suite …☆33Updated last month
- Progress Telerik Report Server pre-authenticated RCE chain (CVE-2024-4358/CVE-2024-1800)☆71Updated 3 months ago
- Utility for creating ZipSlip archives☆66Updated last year
- Repository to store exploits created by Assetnotes Security Research team☆175Updated 10 months ago
- Fuzz WebSockets with custom Python code☆13Updated last month
- Slip is a CLI tool to create malicious archive files containing path traversal payloads. It supports zip, tar, 7z, jar, war, apk and ipa …☆83Updated 4 months ago
- a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to …☆18Updated 3 weeks ago
- CVE-2023-33733 reportlab RCE☆109Updated last year
- PoC for CVE-2024-27130☆30Updated 4 months ago
- ☆13Updated 2 weeks ago
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆30Updated last year
- Burp Suite Extension - Trigger actions and reshape HTTP request/response and WebSocket traffic using configurable rules☆91Updated last week