A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.

Last update: Nov 07, 2022

Overview

BurpParamFlagger

A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.

Note: I believe that Burp Pro is required to use this extension, since it adds onto the scanner functionality, which isn't included in the Community version.

The extension will look at both the name of a parameter and the value of that parameter and look for any common words or patterns indicating that it could be an insertion point for SSRF or LFI.

For example, SSRF checks include looking for parameter names like 'redirect', 'url', or 'domain', as well as looking for values that look like a URL.

LFI checks look for names like 'include', 'attach', or 'file', and look for values that have a file extension.

A few basic examples:

Installation

Just clone the repo and load the extension into Burp: Go to the Extender tab, click 'Add', change the extension type to 'Python', provide the cloned BurpParamFlagger.py file, and follow the next prompts.

Usage

Once the extension is loaded, nothing more is needed. You should start seeing any flagged requests with your other scanner issues on the Dashboard.

A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.

Related tags

Overview

BurpParamFlagger

Installation

Usage

Owner

Allyson O'Malley

A simple multi-threaded distributed SSH brute-forcing tool written in Python.

This is a js front-end encryption blasting account and password tools

A Python application to predict what is cooking

Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell

MD5-CRACKER - A gmail brute force app created with python3

An open-source post-exploitation framework for students, researchers and developers.

PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github

Yesitsme - Simple OSINT script to find Instagram profiles by name and e-mail/phone

A way to analyse how malware and/or goodware samples vary from each other using Shannon Entropy, Hausdorff Distance and Jaro-Winkler Distance

logmap: Log4j2 jndi injection fuzz tool

🔎 Most Advanced Open Source Intelligence (OSINT) Framework for scanning IP Address, Emails, Websites, Organizations.

The backend part of the simple password manager project made for the creative challenge.

A simple automatic tool for finding vulnerable log4j hosts

NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat

Log4j2 intranet scan

nuclei scanner for proxyshell ( CVE-2021-34473 )

Archive-Crack - A Tools for crack file archive

This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired

This repository consists of the python scripts for execution and automation of vivid tasks.