banner
lca

lca

真正的不自由,是在自己的心中设下牢笼。
HomeArchives图文

常用的burpsuite插件

#工具#burpsuite328
AI-generated summary
This is a list of commonly used BurpSuite plugins, including their names, URLs, and descriptions. The plugins range from passive scanning for URLs in JS files to active and passive scanning for API leaks and authorization issues. There are also plugins for detecting vulnerabilities in FastJson and Log4j2, as well as tools for uploading module scanning and captcha cracking. The list also includes a plugin for detecting HTTP request smuggling and a plugin for vulnerability detection in BurpSuite.

111

整理下平常使用的 burpsuite 插件

插件名称url描述
JS Link FinderBApp Store被动扫描 js 文件内的 url
Turbo IntruderBApp Store用于发送大量 HTTP 请求并分析结果(爆破)
HAEhttps://github.com/gh0stkey/HaE请求高亮标记与信息提取
CO2BApp Store加了一些工具
BurpShiroPassiveScanhttps://github.com/pmiaowu/BurpShiroPassiveScan基于 BurpSuite 的被动式 shiro 检测插件
APIKithttps://github.com/API-Security/APIKit主动 / 被动扫描发现应用泄露的 API 文档
xia SQLhttps://github.com/smxiazi/xia_sql简单的判断注入
BurpFastJsonScanhttps://github.com/pmiaowu/BurpFastJsonScan被动式 FastJson 检测
Log4j2Scanhttps://github.com/whwlsfb/Log4j2ScanLog4j2 被动扫描
log4j2burpscannerhttps://github.com/f0ng/log4j2burpscannerLog4j2 被动扫描
FlowBApp Store筛选来自 Burp 工具的所有完整和不完整请求
AutorizeBApp Store授权检测插件
shiro scanhttps://github.com/pmiaowu/BurpShiroPassiveScan被动式 shiro 检测
FastjsonScanhttps://github.com/Maskhe/FastjsonScanFastjson 反序列化检测
HackToolshttps://github.com/Vicl1fe/HackTools一些小工具
knifehttps://github.com/bit4woo/knife添加一些右键菜单
captcha-killer-modifiedhttps://github.com/f0ng/captcha-killer-modified验证码爆破
upload scannerhttps://github.com/portswigger/upload-scanner上传模块扫描
Auth Analyzerhttps://github.com/portswigger/auth-analyzer授权检测插件
HTTP Request Smugglerhttps://github.com/portswigger/http-request-smugglerhttp 请求走私协议
TsojanScanhttps://github.com/Tsojan/TsojanScan集成的 BurpSuite 漏洞探测插件

图片来自:https://wallhaven.cc/

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.