武装你的 Burp Suite - 好用插件分享
作者:互联网
本文来源于:微信公众号:[小白渗透成长之路]
[如果你觉得文章对你有帮助,欢迎点赞]
内容目录
BURP 好用插件集合
BURP 好用插件集合
下面分享一些插件,也算是用到的比较多的或者是比较火的一些插件,在这里做个简单集合,供大家选取。(因为比较多,就不一一放链接了,可以 github 直接搜, 都有的,还可以顺便看看官方文档。)
burp如何安装插件教程: https://blog.csdn.net/weixin_46329243/article/details/113270792
1.Bypass WAF
![](https://www.icode9.com/i/ll/?i=img_convert/1ecf5095c5bcc9e355e755504607cd70.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
2.DomainHunterPro(信息收集管理)
![](https://www.icode9.com/i/ll/?i=img_convert/6b00b531ae4dca3bef977e007b462758.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
使用说明: https://blog.csdn.net/qq_50854662/article/details/120462819
3.JOSEPH(格式转化)
![](https://www.icode9.com/i/ll/?i=img_convert/12c25ec04fbd07afc4f768a4b8b3970c.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
4.JSON Web Tokens
![](https://www.icode9.com/i/ll/?i=img_convert/d49e8c09aa30be7c723ed554f28c45fe.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
5.software vulnerability scanner(扫描器增强插件)
![](https://www.icode9.com/i/ll/?i=img_convert/e4293ac7e3cf8bc95bbda00039c8b15c.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
6.json&HTTPP(格式转化)
![](https://www.icode9.com/i/ll/?i=img_convert/b0f022a3632aa3b8d7e29b0546b3242a.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
7.Fastjson scan(fastjson 漏洞检测)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
8.Autorize(越权测试)
![](https://www.icode9.com/i/ll/?i=img_convert/41132e2263e0b04c483b2f9776ad3202.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
9.HaE(关键数据包高亮)
![](https://www.icode9.com/i/ll/?i=img_convert/1d8fd9fa163b2fa4ef5393fda0325674.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
10.captcha-killer(验证码爆破)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
11.Fiora(强推,具体看 github, 不比联动 xray 差)
![](https://www.icode9.com/i/ll/?i=img_convert/e74445fdd61da0cdc9d643fcc544d1d9.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
12.Log4j2_Pscan(发送 payload 进行盲打)
![](https://www.icode9.com/i/ll/?i=img_convert/4a892410bb6b605c1300c9659e30bd81.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
13.AuthMatrix(越权检测)
![](https://www.icode9.com/i/ll/?i=img_convert/f3e64c6f016dffb1d1d6ac157d3a5b79.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
14.Authz(越权)
![](https://www.icode9.com/i/ll/?i=img_convert/884bd69c1000b390230a752854f49b17.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
15.xssValidator(xss 漏洞 fuzz)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
16.IP rotate(伪造 ip)
![](https://www.icode9.com/i/ll/?i=img_convert/b4d5f7abebe98559ee00af374c183e4c.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
17.sqlmap4burp++(burp+sqlmap 联动)
![](https://www.icode9.com/i/ll/?i=img_convert/0f748da6890a09094075af4113be1ec8.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
18.wooyu 同类漏洞查询
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
19.BurpShiroPassiveScan(shiro 被动式扫描)
![](https://www.icode9.com/i/ll/?i=img_convert/87755dd8a6e9fe66abb0e1fd94a38e0c.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
20.chunked coding converter(分块传输)
![](https://www.icode9.com/i/ll/?i=img_convert/91b9fa2999fce0415e089ede58e29b62.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
![](https://www.icode9.com/i/ll/?i=img_convert/1d8be82f4f5858064a3ebcc528d795d9.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
21.Hack bar(集合工具箱)
![](https://www.icode9.com/i/ll/?i=img_convert/3df4e29302ca86a9f507280204bdba7d.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
22.U2C(Unicode 转中⽂)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
23.BurpSuite_403Bypasser
⽐如我们有时候看到很多⽹站限制外部访问,访问的话直接显示 403,我们可能改⼀个 IP 头为本地 127.0.0.1 我们就能绕过这个限制,这个插件可以全⾃动的来帮我们验证。
![](https://www.icode9.com/i/ll/?i=img_convert/69db2a7cbd6a9f1e795a371f16e8c7d4.png)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
24.BurpJSLinkFinde(⽤于被动扫描端点链接的 JS ⽂件)
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
还有很多可能没有整理出来,以后再发吧
![点击并拖拽以移动](https://www.icode9.com/i/l/?n=22&i=blog/1671599/202203/1671599-20220306084909322-1537570482.gif)
标签:插件,漏洞,BURP,集合,Suite,越权,好用,Burp 来源: https://www.cnblogs.com/Xor0ne/p/15970307.html