Match and Replace Script for BurpSuite
Main Features
- Generate Match and Replace options from a file
- Create presets for your attack
- Output to a JSON file
Usage
usage: generate.py [-h] [-f FILE] [-c COMMENT] [-r RULE] [-s REPLACE] [-o OUTPUT]
Optional Arguments:
- -h, --help show this help message and exit
- -f FILE, --file FILE Parameters/Variables to be Matched
- -c COMMENT, --comment COMMENT Comment or Bug Class [SSRF, RCE, XSS ..etc]
- -r RULE, --rule RULE Rule Type [request_header,request_body ...etc]
- -s REPLACE, --replace REPLACE Literal String to Replace
- -x, --tmp replace with regex and add a temp var
- -o OUTPUT, --output OUTPUT Option JSON file
Examples
Removing Headers/Parameters
./generate.py -f replaced_headers.txt -c "Removing Headers" --rule "request_header" --replace "" --output remove.jsonAdding Headers/Parameters
./generate.py -f added_headers.txt -c "Adding Headers" --rule "request_header" --replace "X-XSS-Protection: 0" --output adding.jsonReplacing Headers/Parameters
- You might use the argument -x to use the Regex Match and Replace option
./generate.py -f parameters.txt -c "SSRF Matching" --rule "request_param_name" --replace "attacker.com:port" -x --output opt.json
Contribution, Credits & License
Ways to contribute
- Suggest a feature
- Report a bug
- Fixing Issues
Licensed under the GNU GPLv3, see LICENSE for more information.