Burp Suite extension to perform hash length extension attacks on weak signature mechanisms.
Signatures tabs.
Extension-generated Intruder payloads will be available after messages and hashes are generated on the Signatures tab. Remember to disable URL-encoding for messages (as below).
Attack results.
- RIPEMD
- Whirlpool
- Tab for HMAC generation
- Fix copy message button when padding has line breaks