From 2d1ee9e2d9deada02e298e9415d890eb4c4f06b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=9C=E6=96=B9=E6=9C=89=E9=B1=BC=E5=90=8D=E4=B8=BA?= =?UTF-8?q?=E5=92=B8?= Date: Mon, 9 Nov 2020 23:11:22 +0800 Subject: [PATCH] Update README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit add burp-unauth-checker(未授权漏洞检查插件) --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 83810b7..16d0765 100644 --- a/README.md +++ b/README.md @@ -99,6 +99,7 @@ > plugins目录下新增[awesome-burp-extensions的翻译版本](./plugins/awesome-burp-extensions) +- **burp-unauth-checker** ---一款用python开发用来自动化检查未授权漏洞()的burp插件。[源出](https://github.com/theLSA/burp-unauth-checker) - **Unexpected.informationv** ---一款用来标记请求包中的一些敏感信息、JS接口和一些特殊字段,防止我们疏忽了一些数据包的插件,内置了八种常见的敏感信息(身份证信息、手机号信息、IP信息、邮箱信息、JS文件API接口路径、特殊字段(password、method: "post"...)、双向检测、高亮显示等),体验不错。[源处](https://github.com/ScriptKid-Beta/Unexpected_information) - **HaE** --- 一款使用Java开发的信息高亮标记与提取插件,比之前介绍过的两款(BurpSuite-Xkeys和IntelligentAnalysis-SSTVINFO)体验要好一点(需要手动写检测规则,内置只有一个邮箱的检测规则)。[源处](https://github.com/gh0stkey/HaE) - **BurpShiroPassiveScan** ---一款基于BurpSuite的被动式shiro检测插件,目前有两大功能1.shiro框架指纹检测 2.shiro加密key检测 [源处](https://github.com/pmiaowu/BurpShiroPassiveScan)