Burpsuite 资料整理
Burpsuite 资料整理, 整到一起比较方便。
大家有更多关于Burpsuite的Tip请一起增量。谢谢!
插件
序号 | 名称 | 功能 | 参考文档 |
1 | Turbo intruder | 并发 | https://www.freebuf.com/sectool/243953.html https://blog.csdn.net/qq_28205153/article/details/113832488 |
2 | ddddocr | 验证码爆破 | https://www.t00ls.com/thread-64254-1-2.html |
3 | xp_CAPTCHA | burp 插件 验证码识别 | https://www.t00ls.com/thread-66205-1-2.html |
4 | RouteVulScan | 一个用来挖掘路径相关漏洞burp插件 | https://www.t00ls.com/thread-66114-1-2.html https://github.com/F6JO/RouteVulScan |
5 | xia SQL (瞎注) | 每个参数后面填加一个单引号,两个单引号,一个简单的判断注入小插件 | https://github.com/smxiazi/xia_sql |
6 | HaE | 信息高亮与提取者 | https://www.t00ls.com/thread-58253-1-2.html https://github.com/gh0stkey/HaE |
7 | BurpCrypto | BurpCrypto加解密 | https://www.t00ls.com/thread-65078-1-2.html https://github.com/whwlsfb/BurpCrypto |
8 | BurpBountyPlus | BurpBounty 魔改版本 | https://github.com/ggg4566/BurpBountyPlus https://www.t00ls.com/thread-65127-1-2.html |
9 | CaA | CaA - BurpSuite流量收集和分析插件 | https://github.com/gh0stkey/CaA https://www.t00ls.com/thread-63366-1-2.html |
10 | copy-go | burp插件-copy-go | https://www.t00ls.com/thread-62891-1-2.html |
11 | HopLa | burpsuie的payload自动补全工具 | https://www.t00ls.com/thread-61497-1-2.html https://github.com/synacktiv/HopLa |
12 | burp插件 | burp插件 | https://www.t00ls.com/thread-58240-1-2.html https://www.t00ls.com/redirect.php?goto=findpost&;ptid=58240&pid=961604 |
13 | BurpShiroPassiveScan插件 | BurpShiroPassiveScan插件较为完整key版本 | https://www.t00ls.com/thread-61066-1-2.html https://github.com/pmiaowu/BurpShiroPassiveScan |
14 | Charset_encoding-Burp | 利用字符集编码绕过waf | https://github.com/GuoKerS/Charset_encoding-Burp https://www.t00ls.com/thread-60120-1-2.html |
15 | BurpFakeIP | Burpsuit 伪造ip爆破脚本BurpFakeIP | https://www.t00ls.com/thread-57080-1-2.html https://github.com/TheKingOfDuck/burpFakeIP |
16 | burpsuite_jsapi | 一个用于查找JS文件中API接口的BurpSuite插件(Python) | https://www.t00ls.com/thread-54286-1-2.html https://github.com/0x-zmz/burpsuite_jsapi |
17 | BurpSuite - Authz | 基于BurpSuite快速探测越权-Authz插件 | https://mp.weixin.qq.com/s/pxkM7wwGLNexA1RZhtes9A https://www.t00ls.com/thread-53394-1-2.html (关于burp内容自动替换的问题) |
18 | chunked-coding-converter | Burp suite分块传输插件 | https://github.com/c0ny1/chunked-coding-converter https://www.t00ls.com/thread-50275-1-2.html |
19 | NoPE Proxy | Burp Suite 的非 HTTP 协议扩展 (NoPE) 代理和 DNS | https://github.com/summitt/Burp-Non-HTTP-Extension https://www.t00ls.com/thread-42857-1-2.html |
20 | HTTPHeadModifer | HTTPHeadModifer:一款快速修改HTTP数据包头的Burp Suite插件 | https://www.t00ls.com/thread-47371-1-2.html https://github.com/c0ny1/HTTPHeadModifer/ |
21 | HackBar | Burpsuite 的 HackBar 插件 | https://github.com/d3vilbug/HackBar https://www.t00ls.com/thread-47851-1-2.html |
22 | Unicode To Chinese | Unicode转中文的burpsuite插件 | https://www.t00ls.com/thread-46957-1-2.html https://github.com/bit4woo/u2c/releases |
23 | knife | 添加一些右键菜单让burp用起来更顺畅 | https://github.com/bit4woo/knife https://www.t00ls.com/thread-46344-1-2.html |
24 | shiro被动检测 | 8楼liuxiu添加 burp的shiro被动检测插件 | https://github.com/pmiaowu/BurpShiroPassiveScan |
25 | Fastjson | 8楼liuxiu添加 Fastjson检测 | https://github.com/pmiaowu/BurpFastJsonScan |
26 | log4j2 | 9楼BlackHorse添加 log4j2 监测插件 | https://www.t00ls.com/thread-64121-1-2.html |
27 | xia Liao (瞎料) 1.0 | burp插件 xia Liao (瞎料) 快速生成注册需要的资料 | https://www.t00ls.com/thread-66987-1-2.html https://github.com/smxiazi/xia_Liao |
28 | Spring Core RCE 漏洞检测工具 | Spring Core RCE 漏洞检测工具 | https://www.t00ls.com/viewthread.php?tid=65348 |
29 | burp联动sqlmapapi | burp联动sqlmapapi | https://www.t00ls.com/viewthread.php?tid=67711 |
插件编写
序号 | 标题 | 链接 |
1 | 从验证码爆破开始的burp插件学习 | https://www.t00ls.com/thread-64264-1-2.html |
2 | Python编写Burpsuite插件(1) | https://www.t00ls.com/thread-65589-1-2.html |
3 | 编写简单burp插件 | https://www.t00ls.com/thread-61654-1-2.html https://github.com/S9MF/sql-sup |
4 | BurpSuite插件-HAE修改、测试、规则分享 | https://www.t00ls.com/thread-60400-1-2.html |
5 | 怎么高效开发burp插件 | https://www.t00ls.com/thread-51859-1-2.html |
6 | 使用Python编写burpsuite插件 | https://www.t00ls.com/thread-49796-1-2.html https://portswigger.net/burp/extender/writing-your-first-burp-suite-extension |
7 | burpsuite插件开发之检测越权访问漏洞 | https://www.t00ls.com/thread-45788-1-2.html |
Burpsuite 文章
----change logs:
1. 2022.11.19 新增 {【xia Liao (瞎料) 1.0】,【Spring Core RCE 漏洞检测工具】,【burp联动sqlmapapi】}
----other:
论坛出现链接后登陆状态消失,【已解决】
复现方法: "https://www.t00ls.com/viewthread.php?tid=66257" (选中链接-->右键-->点转到) 登陆状态清除
评论115次
我竟然是一楼?早各位。这个整理很到位,补充一下现在很多网站都是vue结构,burpsuite_jsapi 这个插件比论坛里最发的几个都好用些。个人推荐
burp插件多了很容易卡死,有什么办法解决吗
收藏一波,顺便问问yakit比burp好用么
BurpBounty 好像有Pj版本
很齐全,可以补充一波
HaE和jsapi哪个好用~
HaE规则自己写一些进去,挺方便的,jsapi主要是列接口
好贴,收藏一波!!
访问就自动退出,哎
https://www.t00ls.com/viewthread.php?tid=64121&highlight=log4j2 log4j2 监测插件
https://github.com/pmiaowu/BurpShiroPassiveScan burp的shiro被动检测插件 https://github.com/pmiaowu/BurpFastJsonScan Fastjson检测
话说,看了这个帖子后,还莫名其妙撞到论坛bug,哈哈哈哈哈 有意思了。你们瞅瞅 https://www.t00ls.com/thread-66258-1-1.html
可以,相当不错,学到了
可以的,只是还有一点遗漏
HaE和jsapi哪个好用~
正好,看看我的插件还差几个,补充完善下
我竟然是一楼?早各位。这个整理很到位,补充一下现在很多网站都是vue结构,burpsuite_jsapi 这个插件比论坛里最发的几个都好用些。个人推荐