The all-in-one Red Team browser extension for Web Pentesters HackTools, is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer need to search for payloads inRead More
An burpsuite extension to bypass 403 restricted directory. By using PassiveScan (default enabled), each 403 request will be automatically scanned by this extension, so just add to burpsuite and enjoy. Payloads: $1: HOSTNAME $2: PATH $1/$2$1/%2e/$2$1/$2/.$1//$2//$1/./$2/./$1/$2anything -H “X-Original-URL: /$2” $1/$2 -H “X-Custom-IP-Authorization: 127.0.0.1” $1 -H “X-Rewrite-URL: /$2″$1/$2 -H “Referer: /$2″$1/$2 -H “X-Originating-IP: 127.0.0.1″$1/$2 -H “X-Forwarded-For:Read More
Widevine is a Google-owned DRM system that’s in use by many popular streaming services (Netflix, Spotify, etc.) to prevent media content from being downloaded. But Widevine’s least secure security level, L3, as used in most browsers and PCs, is implemented 100% in software (i.e no hardware TEEs), thereby making it reversible and bypassable. This ChromeRead More
The all-in-one Red Team browser extension for Web PentestersHackTools, is a web extension facilitating your web application penetration tests, it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more.With the extension you no longer need to search for payloads in different websitesRead More
AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services. With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application upfront. These tables are structured in a similar format to that of an access control matrixRead More
A (Still in Development) monitoring browser extension for pages acting as bad boys.NB: This is the code repository of the project, if you’re looking for the packed extensions:Firefox: https://addons.mozilla.org/en-US/firefox/addon/behave/Chrome: https://chrome.google.com/webstore/detail/mppjbkhgconmemoeagfbgilblohhcica/Introduction.Behave! monitors and warn if a web page performs any of following actions: Browser based Port Scan Access to Private IPs DNS Rebinding attacks to PrivateRead More
A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension.InQL Stand-Alone CLIRunning inql from Python will issue an Introspection query to the target GraphQL endpoint in order fetch metadata information for: Queries, mutations, subscriptions Its fields and arguments Objects andRead More
TeaBreak is a simple burp extension for security researchers and bug bounty hunters for helping them to increase their work productivity. We know how much health is important. It is recommended to take break from your work to avoid burnout, reduce eye strain and other health problems.How? Set your break time before commencement of yourRead More
Everything You Need About Burp Extension Generation InstallationFirst, install Yeoman and generator-burp-extension using npm (we assume you have pre-installed node.js). npm install -g yonpm install -g generator-burp-extension Then generate your new project: yo burp-extension Burp Extension featuresWhen you generate your plugin project, the generator will ask you what features should be included in your plugin.Read More
Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions.You can export as: cURL Wget Python Request Perl LWP PHP HTTP_Request2 Go Native NodeJS Request jQuery AJAX PowerShell Requirements Jython >= 2.7.1 Burp Suite importIn Burp Suite, under the Extender/Extensions tab, click on the Add button, selectRead More
