silentsignal/burp-piper

Stars
100
Rank 340,703 (Top 7 %)
Language
Kotlin
License
GNU General Publi...
Created almost 6 years ago
Updated over 2 years ago

silentsignal/burp-piper

silentsignal

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Piper Burp Suite Extender plugin

Piper for Burp Suite

Building

Execute ./gradlew build and you'll have the plugin ready in build/libs/burp-piper.jar

Known issues

The terminal emulator ignores background color when Look and feel is set to Nimbus, see https://bugs.openjdk.java.net/browse/JDK-8058704

Security

Piper configurations can be exported and imported. As configurations define commands to be executed on the user's machine, importing malicious configurations is a security risk.

Piper disables configurations loaded via the GUI to prevent exploitation, and unexpected behavior (e.g.: modification of HTTP messages). To support automation, Piper enables configurations loaded via the PIPER_CONFIG environment variable, so extra care must be taken in this use case.

Users should always review configurations before importing or enabling them.

License

The whole project is available under the GNU General Public License v3.0, see LICENSE.md. The swing-terminal component was developed by @redpois0n, released under this same license.

burp-log4shell

Log4Shell scanner for Burp Suite

burp-text4shell

Text4Shell scanner for Burp Suite

rsa_sign2n

Deriving RSA public keys from message-signature pairs

sheep-wolf

Wolves Among the Sheep

burp-requests

Copy as requests plugin for Burp Suite

burp-image-size

Image size issues plugin for Burp Suite

wpc-ps

Windows Privesc Check - PowerShell

av-breaking

Bare Knuckled AV Breaking

duncan

Duncan - Blind SQL injector skeleton

burp-uuid

UUID issues for Burp Suite

DirBustErl

DirBuster successor in Erlang

burp-json-jtree

JSON JTree viewer for Burp Suite

burp-collab-gw

Simple socket-based gateway to the Burp Collaborator

WebSphere-WSIF-gadget

CVE-2020-4464 / CVE-2020-4450

ActiveScan3Plus

Modified version of ActiveScan++ Burp Suite extension

zsca

Zero-trust SSH CA

burp-pdml

PDML importer for Burp Suite

sslproxy

Generic HTTPS proxy for logging non-HTTP traffic

wpc

Windows Privesc Check

burp-cfurl-cache

CFURL Cache inspector for Burp Suite

damn-vulnerable-stateful-web-app

Short and simple vulnerable PHP web application that naïve scanners found to be perfectly safe

SemGWT

Semgrep rules to identify GWT attack surface

eazfuscator.net-symbol-decrypter

Mass decryptor for Eazfuscator.net Symbol Names Encryption

heureka

A toolset to assess the behavioral capabilities of AV/HIPS software

burp-uniqueness

Uniqueness plugin for Burp Suite

android-param-annotate

Android parameter annotator for Dalvik/Smali disassembly

burp-commentator

Generates comments for selected request(s) based on regular expressions

burp-git-version

tickpredict

Predict the tick count of a remote ASP.NET application to achieve code execution

xcoff-ghidra

Quick&Dirty XCOFF Loader for Ghidra

crotch

Code Review on the Cheap

burp-json-array

JSON Array issues plugin for Burp Suite

burp-periscope

Quick scope settings for Burp Suite

nsmuggler

Little help to SQL/XSS smuggling

burp-asn1

ASN.1 toolbox for Burp Suite

xcoff-ks

Kaitai Struct Declarations for XCOFF

jms-codeql

CodeQL queries for JMS

SAVF

IBM i *PGM Save Files and their corresponding C sources

dhbrute

Brute force tool for poorly implemented Diffie-Hellman solutions

mq-jms-spring

JMS Deserialization Vulnerabilities When Using Spring with IBM MQ

ktool

experimental tool for storing/searching/converting RSA public keys

simpli

Performs primitive Dalvik symbolic execution

burp-ipv

Insertion point visualizer for Burp Suite

burp-sqlite-logger

SQLite logger for Burp Suite