30 open-source projects similar to nccgroup/burpsuitehttpsmuggler, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best BurpSuiteHTTPSmuggler alternative.
Add headers to all Burp requests to bypass some WAF products
Burp Suite chunked transfer helper plugin
Burp Plugin to Bypass WAFs through the insertion of Junk Data
sqli-labs is a collection of intentionally vulnerable web applications and sandbox environments designed for practicing the identification and exploitation of SQL injection vulnerabilities. It serves as a cybersecurity education lab where users can experiment with database exploits in a controlled setting. The environment provides specialized modules for testing a wide range of attack vectors, including error-based, boolean-blind, and time-based injections. It specifically covers advanced techniques such as second-order injections, stacked queries, and attacks targeting HTTP headers. The pro
XSStrike is a security tool designed to detect cross-site scripting vulnerabilities through parameter fuzzing and web response analysis. It functions as a web application fuzzer and vulnerability scanner that identifies injection points and security flaws. The project includes a specialized utility for detecting blind XSS, where payloads execute asynchronously or on separate pages. It also features a JavaScript library auditor to identify outdated libraries with known vulnerabilities and a dedicated tool for identifying and bypassing web application firewalls using various evasion techniques.
use a headless webkit/browser (PhantomJS) to obtain the values of WAF-injected cookies which are calculated in the browser by client-side JavaScript code and then add them to Burp's cookie jar - selectively remove specific cookies from Burp's cookie jar - empty Burp's cookie jar, for example to…
HUNT Suite is a collection of Burp Suite Pro/Free and OWASP ZAP extensions. Identifies common parameters vulnerable to certain vulnerability classes (Burp Suite Pro and OWASP ZAP). Organize testing methodologies (Burp Suite Pro and Free).
🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective.
Adds a customizable "Send to..."-context-menu to your BurpSuite.
A Burp extension to show the Collaborator client in a tab
A Burp extension that adds some useful functions to the context menu. Adds some right-click menu items to make Burp smoother to use.
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
A Burp Suite extension made to automate the process of bypassing 403 pages. Heavily based on Orange Tsai's talk Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out!
Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
Burp/ZAP/Maven extension that integrates the Retire.js repository to find vulnerable JavaScript libraries.
This extension generates scripts to reissue a selected request. The scripts can be run outside of Burp. It can be useful to script attacks such as second order SQL injection, padding oracle, fuzzing encoded value, etc.
Burp extension for passively scanning JS files for endpoint links.
The JSON Escaper Burp Suite plugin simplifies the process of escaping JSON payloads for pentesters, as there is no built-in option for this in Burp.