Burp Suite扩展程序，可帮助测试人员绕过WAF或使用多种技术测试其有效性

Burp Suite扩展程序，可帮助测试人员绕过WAF或使用多种技术测试其有效性

Burp Suite HTTP Smuggler

A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques. This extension has been developed by Soroush Dalili (@irsdl) from NCC Group.

The initial release (v0.1) only supports the Encoding capability that can be quite complicated to be performed manually. See the references for more details.

Next versions will include more techniques and possible bug fixes.

Example Screenshots

References:

https://appseceurope2018a.sched.com/event/EgXc/waf-bypass-techniques-using-http-standard-and-web-servers-behaviorhttps://nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/request-encoding-to-bypass-web-application-firewalls/https://nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/september/rare-aspnet-request-validation-bypass-using-request-encoding/

Released under AGPL v3.0 see LICENSE for more information

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。