Burp Suite extension
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
gradle/wrapper
src/main
.gitignore
LICENSE
README.md
build.gradle
gradlew
gradlew.bat
settings.gradle

README.md

gunziper

A plugin for Burp Suite which enables you to:

  • "unpack" requests/responses (e.g. do an base64decode and afterwards a java deserialisation)
  • the possibility to gather e.g. a CSRF token from responses and automatically insert it in any request (without the need to do an extra request with burps macro functionality)
  • half automatically compare hundreds/thousands of responses for differences
    • Imagine you used intruder to test 10 GET parameters with payloads, and the application simply reflects the whole URL somewhere in the response. Of course, there might be XSS, but what about other vulnerabilities like SQL, XXE, ... Sorting for the response size will not trivially point to relevant requests, so intruder comparer comes into play. With it, you can define a regex which strips parts of the response (e.g. the reflected URL) and then iterates over all responses and does a comparison of the last and current response, and if there are some differences, it will show a diff window similar to burp's comparer.

Pre-built JARs

Pre-built JAR files are available on: http://coding.f-block.org/

Build from source

Build JAR files from source:

wget https://github.com/f-block/gunziper/archive/master.zip
unzip master.zip
cd gunziper-master
gradle jar

Dependencies