Yash Sodha yashrs
defparam
/ MutateMethods.py
Last active
February 15, 2026 04:39
Example of using Turbo Intruder in a "listen and attack" mode. Because turbo intruder's jython interpreter is technically inside burp you can have turbo intruder scripts use the plugin API. Here we use burp.IProxyListener to intercept requests and reissue them inside turbo intruder mutating the method.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from threading import Thread | |
| import time | |
| class TrafficMagnet(burp.IProxyListener): | |
| def __init__(self): | |
| callbacks.registerProxyListener(self) | |
| self._helpers = callbacks.getHelpers() | |
| self._callbacks = callbacks | |
jakekarnes42
/ host_getter.svg
Created
August 13, 2019 23:44
An SVG "image" that uses an XXE attack to embed the hostname file of whichever system processes it into the image itself
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.