
BadIntent - Intercept, modify, repeat and attack Android's Binder transactions using Burp Suite

  •    Java

BadIntent is the missing link between Burp Suite and Android's core IPC/messaging system. BadIntent consists of two parts: an Xposed-based module running on Android and a Burp plugin. Because the two parts provide intercept and repeater functionality, Burp's usual workflow and all related tools and extensions can be used. BadIntent hooks deeply into the Android system, performs various method redirections in Parcels, and adds additional services to provide the described features. Most notably, BadIntent works system-wide (experimental) and is not restricted to individual user apps. The handiest approach is to install BadIntent Android from the Xposed Module Repository and BadIntent Burp from Burp's BApp Store. Both were made available/submitted before the Arsenal presentation of BadIntent at Black Hat Las Vegas 2017.

burp-molly-pack - Security checks pack for Burp Suite

  •    Java

Burp-molly-pack is Yandex's security checks pack for Burp. The main goal of Burp-molly-pack is to extend Burp's checks. The plugins contain active and passive security checks.

domain_hunter - A Burp Suite extender that searches for subdomains and similar domains in the sitemap and gets related domains from certificates

  •    Java

A Burp Suite extender that searches for subdomains, similar domains and related domains in the sitemap. Sometimes similar domains and related domains give you a surprise ^_^. That's why I care about it. 2017-07-28: Added a function to crawl all known subdomains; fixed some bugs.

ReSign - A Burp extender that recalculates the signature value automatically after you modify a request parameter value

  •    Java

A Burp extender that recalculates the signature value automatically after you modify a request parameter value. You need to know the details of the signature algorithm and configure them in the GUI. More and more mobile developers are beginning to use signature algorithms to improve the security of their apps. When we test the requests an app generates, we always need to recalculate the sign value and update it again and again so that the request passes the server check.

Minesweeper - A Burp Suite plugin (BApp) to aid in the detection of scripts being loaded from 9200+ malicious cryptocurrency mining domains (cryptojacking)

  •    Python

A Burp Suite plugin (BApp) to aid in the detection of scripts being loaded from 9200+ malicious cryptocurrency mining domains (cryptojacking). As this is the first build of Minesweeper, lists are currently built based on CoinBlockerLists. As the project matures, more sources will be added, as well as direct code checks. Since CoinBlockerLists updates quite frequently, code is included to allow you to manually update your source list from the CoinBlockerLists GitHub project.

CTFHelper - A simple Burp extension for scanning for sensitive files in CTFs

  •    Python

This extension scans for some sensitive files (backup files like .index.php.swp or the .git directory) on a web server, which makes solving CTF challenges faster. Set up the Jython variable correctly.