0x94TR Scanner Burp Suite Extension Python 2x
Operations occur on a direct query without any parameter target input..
Potential security weaknesses are reflected on The Burp screen, It has a payload list in itself, finds vulnerabilities by doing bruteforce..
Features: What vulnerabilities can it find ?
- GET-POST Error Based SQL Injection
- GET-POST Blind SQL Injection
- GET-POST Time Based SQL Injection
- GET-POST Boolean Based SQL Injection
- GET-POST Union Based SQL Injection
- GET-POST Remote Command Execution
- GET-POST PHP exec
- GET-POST Local File Include
- Header CRLF Injection
- GET-POST Command Injection
- GET-POST Open Redirect
- GET-POST Cross-Site Scripting(XSS)
- GET-POST LDAP Injection
- GET-POST Xpath Injection
- GET-POST Frame Injection
- GET-POST SSI Injection
- GET-POST Template Injection
- HTTP Response Splitting
- Blind Command Injection
- Blind Remote Command Injection
- Blind XPATH Injection
- Header(Cookie/UserAgent/Referer/Accept-Language/Accept-Encoding/Accept-Charset) Injection
- Expression Language Injection
- XXE Injection
- Directory Brute
- File Brute
- Default password Brute
How does he find it ?
It automatically detects GET or POST requests,
by browsing the target site and tries payload based on returning errors.
Burp Suite Professional, 2.7.0 standalone: http://www.jython.org/downloads.html
Manual installation:
'Extender'->'Options'
Click 'Select file' under 'Python environment'
Choose jython-standalone-2.7.0.jar
'Extender'->'Extensions'
Click 'Add'
Change 'Extension Type' to Python
Choose 0x94TR.py
Done!
watch the video