ozzi- / JWT4B
JWT Support for Burp
☆240Updated last month
Related projects: ⓘ
- A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.☆509Updated 4 years ago
- YSOSERIAL Integration with burp suite☆160Updated last year
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆581Updated 3 years ago
- XXE Out of Band Server.☆168Updated last year
- MOGWAI LABS JMX exploitation toolkit☆196Updated last year
- An Out-of-Band XXE server for retrieving file contents over FTP.☆171Updated 4 years ago
- Data extraction tool for Docker Registry API☆123Updated 7 months ago
- WSDL Parser extension for Burp☆206Updated 6 years ago
- Spring Boot Actuator (jolokia) XXE/RCE☆318Updated 4 years ago
- Java deserialization exploitation lab.☆234Updated 5 years ago
- Burp extension intended to compact Burp extension tabs by hijacking them to own tab.☆126Updated 3 years ago
- Exploit for Drupal 7 <= 7.57 CVE-2018-7600☆124Updated 6 years ago
- forked from frohoff/ysoserial and added my own payloads.☆149Updated 4 years ago
- J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tes…☆72Updated 3 years ago
- JWT Support for Burp☆106Updated 2 weeks ago
- A static byte code analyzer for Java deserialization gadget research☆242Updated 7 years ago
- PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vulnerability)☆215Updated 3 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆349Updated 2 years ago
- ZAP/Burp plugin that generate script to reproduce a specific HTTP request (Intended for fuzzing or scripted attacks)☆287Updated last year
- CVE-2020–14882、CVE-2020–14883☆283Updated 3 years ago
- A mini webserver with FTP support for XXE payloads☆326Updated 8 months ago
- Sample codes written for the Hackers to Hackers Conference magazine 2017 (H2HC).☆491Updated 2 years ago
- SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in …☆136Updated 5 years ago
- A vulnerable application exposing Spring Boot Actuators☆123Updated 5 years ago
- poison and relay NTLM credentials☆172Updated 5 years ago
- Central Repo for Burp extensions☆146Updated 2 years ago
- A Burp extension for generic extraction and reuse of data within HTTP requests and responses.☆90Updated 2 years ago
- This repo contains the files required to perform a CSRF attack using Flash and HTTP 307 redirections.☆75Updated 6 years ago
- Insecure programming functions database☆102Updated last year
- Redis 4.x & 5.x RCE☆138Updated 5 years ago