GitHub - nccgroup/BurpSuiteHTTPSmuggler: A Burp Suite extension to help penteste...
source link: https://github.com/nccgroup/BurpSuiteHTTPSmuggler
README.md
Burp Suite HTTP Smuggler
A Burp Suite extension that helps pentesters bypass WAFs or test their effectiveness using a number of techniques. This extension was developed by Soroush Dalili (@irsdl) from NCC Group.
The initial release (v0.1) supports only the Encoding capability, which can be quite complicated to perform manually. See the references for more details.
Future versions will include more techniques and possible bug fixes.
References:
- https://appseceurope2018a.sched.com/event/EgXc/waf-bypass-techniques-using-http-standard-and-web-servers-behavior
- https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/september/rare-aspnet-request-validation-bypass-using-request-encoding/
Released under AGPL v3.0; see LICENSE for more information.