♻️WPScan like plugin for
Burp WP
Find known vulnerabilities in WordPress plugins and themes using Burp Suite proxy.
Usage
Install the extension, then browse WordPress sites through the Burp proxy. Vulnerable plugins and themes will appear in the issue list.
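The sketch below illustrates passive detection of this kind. It is an added example, not Burp WP's own code: it pulls plugin and theme slugs out of a proxied response body and compares any version seen against advisory data. The regular expression, the advisory format, the slugs and the sample response are all assumptions constructed for illustration.

```python
import re

# Plugin/theme asset URLs: /wp-content/<kind>/<slug>/<path>[?ver=<version>]
ASSET_RE = re.compile(
    r"/wp-content/(plugins|themes)/([A-Za-z0-9_.-]+)/"
    r"[^\s\"'<>?]*(?:\?ver=([0-9][0-9A-Za-z.-]*))?"
)

# Constructed advisory data (not a real feed): (kind, slug) -> [(fixed_in, title)]
ADVISORIES = {
    ("plugins", "example-gallery"): [("2.4.1", "Constructed advisory A")],
    ("plugins", "example-backup"): [("3.0.0", "Constructed advisory B")],
    ("themes", "example-theme"): [("1.0.5", "Constructed advisory C")],
}

# Constructed response body, as it might pass through the proxy.
SAMPLE_RESPONSE = """<html><head>
<link href='https://blog.example.test/wp-content/plugins/example-gallery/css/style.css?ver=2.3.0'>
<link href='https://blog.example.test/wp-content/themes/example-theme/style.css?ver=1.0.5'>
<script src='/wp-content/plugins/example-forms/js/forms.js'></script>
</head></html>"""

def find_components(body):
    """Map (kind, slug) -> version string, or None when no ?ver= was seen."""
    found = {}
    for kind, slug, ver in ASSET_RE.findall(body):
        found[(kind, slug)] = found.get((kind, slug)) or ver or None
    return found

def older_than(version, fixed_in):
    """Numeric dotted-version comparison; non-numeric parts count as 0."""
    def key(v):
        return [int(p) if p.isdigit() else 0 for p in re.split(r"[.-]", v)]
    a, b = key(version), key(fixed_in)
    width = max(len(a), len(b))
    return a + [0] * (width - len(a)) < b + [0] * (width - len(b))

def report(body):
    """Return (slug, seen_version, advisory_title, note) for each likely match."""
    issues = []
    for (kind, slug), ver in sorted(find_components(body).items()):
        for fixed_in, title in ADVISORIES.get((kind, slug), []):
            if ver is None:
                issues.append((slug, None, title, "version unknown, verify manually"))
            elif older_than(ver, fixed_in):
                issues.append((slug, ver, title, "fixed in " + fixed_in))
    return issues

if __name__ == "__main__":
    # example-backup is never listed: nothing in the observed traffic references it.
    for issue in report(SAMPLE_RESPONSE):
        print(issue)
```

A `?ver=` value can be the WordPress core version when a plugin registers the asset without its own version, so treat each match as a lead to confirm rather than a finding.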
Installation
Download the Jython standalone JAR, for example, version 2.7.
Go to Extender->Options. Set the path in Location of Jython standalone JAR file.
Download the newest Burp WP.
Go to Extender->Extensions. Click Add. Set Extension type to Python. Set the path in Extension file.
Burp WP should appear in the Burp Extensions list. You will also see a new tab.
Intruder payload generator
Because only proxied requests and responses are inspected, it is not possible to discover every plugin and theme installed on a specific website.
You can try to get more information manually using the Intruder payload generator.
Right-click a URL in Proxy->HTTP history and choose Send to Burp WP Intruder.
This changes the request method to GET, removes all parameters and sets the payload position marker.
Now go to Intruder->Tab X->Positions. Correct the URL so it points to the WordPress homepage.
In the Payloads tab, uncheck Payload encoding so / won't be converted to %2f.
Then set Payload type to Extension generated. Now click Select generator.
There are 3 generators:
WordPress Plugins
WordPress Themes
WordPress Plugins and themes
Source: https://github.com/kacperszurek/