Skip to content

RobinFassina-Moschini/Burp-WS-Security

BranchesTags

Repository files navigation

Burp WS-Security

This extension calculate a valid WS security token for every request (In Proxy, Scanner, Intruder, Repeater, Sequencer, Extender), and replace variables in theses requests by the valid token. It follow Web Services Security (WS-Security, WSS) published by OASIS

Using Burp WS-Security

  • This extension only change requests targeting in scope item. So you need to add the target in the scope.
  • Go to the WSSecurity tab, fill the password field, choose if you need the nonce to be base64 encoded or not.
  • Click “Turn WS-Security ON”. Now, for every request in scope, a valid security token will be created.
  • In your request
      #WS-SecurityPasswordDigest will be replaced by the Password Digest
      #WS-SecurityNonce will be replaced by the Nonce
      #WS-SecurityCreated will be replaced by the correct time
      #WS-SecurityUUID will be replaced by a random UUID
  • This extension will log in the Extender UI every request after change if you need to debug.

    • Screenshot

    About

    No description, website, or topics provided.

    Resources

    Readme

    License

    GPL-3.0 license
    Activity

    Stars

    0 stars

    Watchers

    1 watching

    Forks

    5 forks
    Report repository

    Releases

    No releases published

    Packages

    No packages published

    Languages