  • Stars: 109
  • Rank 317,103 (Top 7 %)
  • Language: Python
  • License: MIT License
  • Created almost 4 years ago
  • Updated almost 4 years ago


Repository Details

Burp Suite extension for checking and extracting sensitive request parameters

burp-sensive-param-extractor

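Overview

Detects and extracts sensitive parameter names from request parameters, such as userid and username, which makes it easier to test for broken access control (privilege escalation) vulnerabilities, and builds a dictionary of sensitive parameters.

For the implementation details of this plugin, see "Burp Suite plugin development summary".

Quick start

param-regular.cfg: the parameter regex configuration file. An entry of id matches request parameters whose names contain id, such as userid, idcard, etc.

sensitive-params.txt: the parameter dictionary file.

Four kinds of parameter detection are supported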

self.requestParamDict['urlParams'] = []

self.requestParamDict['BodyParams'] = []

self.requestParamDict['cookieParams'] = []

self.requestParamDict['jsonParams'] = []

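The list on the right side of the interface holds the parameter regexes, which can be added and removed in real time. To delete one, click the list element and then click the delete button.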
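
The four detection categories above, as an added standalone sketch. This is not the extension's own code and it does not use the Burp API; the regex list, the sample request and the helper names are constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed stand-in for param-regular.cfg (one regex per line) and a made-up request.
PARAM_REGEXES = ["id", "user", "phone"]
SAMPLE = (
    "POST /api/order?orderId=7&page=2 HTTP/1.1\r\n"
    "Host: shop.example\r\nCookie: session=abc; userid=42\r\n"
    "Content-Type: application/json\r\n\r\n"
    '{"profile": {"username": "alice", "idcard": "x"}, "items": [{"sku": "a"}]}'
)

def _json_keys(node):
    """Yield every object key in a JSON document, nested ones included."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield key
            yield from _json_keys(value)
    elif isinstance(node, list):
        for item in node:
            yield from _json_keys(item)

def extract_param_names(raw_request):
    """Collect parameter names from the four locations the README lists."""
    head, _, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in lines[1:])}
    found = {"urlParams": [], "BodyParams": [], "cookieParams": [], "jsonParams": []}
    query = urlsplit(lines[0].split(" ")[1]).query
    found["urlParams"] = [k for k, _ in parse_qsl(query, keep_blank_values=True)]
    found["cookieParams"] = [p.split("=", 1)[0].strip()
                             for p in headers.get("cookie", "").split(";") if "=" in p]
    ctype = headers.get("content-type", "").lower()
    if "json" in ctype:
        try:
            found["jsonParams"] = sorted(set(_json_keys(json.loads(body))))
        except ValueError:
            pass  # malformed JSON body: report no names instead of failing
    elif "x-www-form-urlencoded" in ctype:
        found["BodyParams"] = [k for k, _ in parse_qsl(body, keep_blank_values=True)]
    return found

def sensitive_params(raw_request, regexes=PARAM_REGEXES):
    """Names per location matching any regex (search, case-insensitive: assumed)."""
    compiled = [re.compile(r, re.IGNORECASE) for r in regexes]
    return {loc: [n for n in names if any(c.search(n) for c in compiled)]
            for loc, names in extract_param_names(raw_request).items()}
```

Run over an application's own recorded traffic, the per-location output gives reviewers a list of identifier-like parameters whose handlers need a server-side ownership check.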

Feedback

issues

More Repositories

1

CS-checklist

PC client (C-S architecture) penetration testing checklist / Client side(C-S) penetration checklist
655
star
2

emergency-response-checklist

Emergency response guide / emergency response checklist
651
star
3

hack-er-tools

emergency response toolkit
Shell
250
star
4

burp-unauth-checker

burpsuite extension for check unauthorized vulnerability
Python
223
star
5

hack-cs-tools

client side (C-S) penetration toolkit
149
star
6

tp5-getshell

thinkphp5 rce getshell
Python
137
star
7

ueditor-getshell

ueditor .net getshell
Python
93
star
8

burp-info-extractor

burpsuite extension for extract information from data
Java
84
star
9

awBruter

Thousand-fold-speed password brute-force tool for one-line webshells
Python
74
star
10

f5-bigip-rce-cve-2020-5902

F5 BIG-IP RCE CVE-2020-5902 automatic check tool
Python
61
star
11

cmsIdentification

Multi-mode CMS identification script
Python
58
star
12

discuz-ml-rce

discuz ml rce
Python
54
star
13

phpstudy-backdoor-rce

phpstudy(2016/2018) backdoor rce
Python
47
star
14

ecshop-getshell

ecshop rce getshell
Python
30
star
15

s2sniper

Vulnerability detection tool for struts2 (supports batch mode)
Python
22
star
16

vbulletin5-rce

CVE-2019-16759 vbulletin 5.0.0 till 5.5.4 pre-auth rce
Python
20
star
17

sunlogin-exp-gui

GUI version of the Sunlogin RCE exploit tool / GUI version of sunlogin exploit tool
Java
17
star
18

sunlogin-exp-cmd

Command-line version of the Sunlogin RCE exploit tool / cmd version of sunlogin exploit tool
C++
16
star
19

solr-rce

apache solr 5.x - 8.2.0 rce (with config api)
Python
10
star
20

apache-httpd-path-traversal-checker

apache httpd path traversal checker(CVE-2021-41773 / CVE-2021-42013)
Python
8
star
21

burp-comment-extractor

burpsuite extension for extract html and js comment.
Java
7
star
22

md5Base64Cracker

Crack md5{d_base64}
Python
6
star
23

lsascan_v1.0_linux

Java
5
star
24

lsascan_v1.0_python

Python
1
star
25

harbor-give-me-admin

harbor(<1.7.6/1.8.3) privilege escalation (CVE-2019-16097)
Python
1
star
26

wooyun_wordcloud

Simple word cloud of WooYun (mirror site) vulnerabilities
Python
1
star
27

http_methods

Scripts for various HTTP requests, implemented in Python
Python
1
star