admin/BurpSuite-collections
1
0
Fork 0
mirror of https://github.com/Mr-xn/BurpSuite-collections.git synced 2025-11-05 10:26:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

add charset_0.4.py ---通过字符集编码绕过waf的burp插件

Browse Source 
charset_0.4.py ---通过字符集编码绕过waf的burp插件
This commit is contained in:
东方有鱼名为咸 2021-03-25 21:54:25 +08:00 committed by GitHub
parent 509a8b8497
commit 94effb3d23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@ -99,13 +99,14 @@
> plugins目录下新增[awesome-burp-extensions的翻译版本](./plugins/awesome-burp-extensions)
- **charset_0.4.py** ---通过字符集编码绕过waf的burp插件 [源处](https://github.com/GuoKerS/Charset_encoding-Burp)
- **struts_ext_v2.jar** ---支持burpsuite插件形式调用检查struts2系列漏洞 [下载](https://raw.githubusercontent.com/Mr-xn/BurpSuite-collections/master/plugins/struts_ext_v2.jar)-[源处](https://github.com/prakharathreya/Struts2-RCE)
- **domain_hunter_pro** --domain_hunter的内部版本还是来自bit4woo表哥 [源处](https://github.com/bit4woo/domain_hunter_pro)
- **JC-AntiToken** ---用python编写的简单防重放绕过burp插件,可以在请求的时候自动从特定源请求下一步的token。[源处](https://github.com/chroblert/JC-AntiToken)
- **BurpCustomizer** ---新版burp皮肤切换插件自带几十种皮肤仅支持2020.12及以上版本的burp使用方法简单加载插件在 Customizer Tab下切换皮肤即可[](https://github.com/CoreyD97/BurpCustomizer)
- **BurpSuite_403Bypasser** ---用python编写的用来测试绕过403的插件。[](https://github.com/sting8k/BurpSuite_403Bypasser)
- **Burp-Non-HTTP-Extension** ---一款用于Burpsuite抓取非HTTP流量的插件。[](https://github.com/summitt/Burp-Non-HTTP-Extension)
- **burp-unauth-checker** ---一款用python开发用来自动化检查未授权漏洞()的burp插件。[](https://github.com/theLSA/burp-unauth-checker)
- **BurpCustomizer** ---新版burp皮肤切换插件自带几十种皮肤仅支持2020.12及以上版本的burp使用方法简单加载插件在 Customizer Tab下切换皮肤即可[](https://github.com/CoreyD97/BurpCustomizer)
- **BurpSuite_403Bypasser** ---用python编写的用来测试绕过403的插件。[](https://github.com/sting8k/BurpSuite_403Bypasser)
- **Burp-Non-HTTP-Extension** ---一款用于Burpsuite抓取非HTTP流量的插件。[](https://github.com/summitt/Burp-Non-HTTP-Extension)
- **burp-unauth-checker** ---一款用python开发用来自动化检查未授权漏洞()的burp插件。[](https://github.com/theLSA/burp-unauth-checker)
- **Unexpected.informationv** ---一款用来标记请求包中的一些敏感信息、JS接口和一些特殊字段防止我们疏忽了一些数据包的插件内置了八种常见的敏感信息身份证信息、手机号信息、IP信息、邮箱信息、JS文件API接口路径、特殊字段(password、method: "post"...)、双向检测、高亮显示等),体验不错。[源处](https://github.com/ScriptKid-Beta/Unexpected_information)
- **HaE** --- 一款使用Java开发的信息高亮标记与提取插件比之前介绍过的两款BurpSuite-Xkeys和IntelligentAnalysis-SSTVINFO体验要好一点需要手动写检测规则内置只有一个邮箱的检测规则。[源处](https://github.com/gh0stkey/HaE)
- **BurpShiroPassiveScan** ---一款基于BurpSuite的被动式shiro检测插件目前有两大功能1.shiro框架指纹检测 2.shiro加密key检测 [源处](https://github.com/pmiaowu/BurpShiroPassiveScan)