Dan McInerney
Dan McInerney
When inserting multiple cookie values the server will send a response, but the browser will never load the page since the attacker's machine never seems to send TCP ACKs back...
Channel hopping never stops. Gotta fix that eventually.
How do you feel about putting all the screenshots in a directory rather than just putting them in the folder that the script was run from? Seems like this would...
``` Traceback (most recent call last): File "C:\Users\dan\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 981, in doActiveScan self.do_checks(injector) File "C:\Users\dan\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1121, in do_checks colab_tests.extend(self._xxe_office(injector, burp_colab)) File "C:\Users\dan\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1121, in do_checks colab_tests.extend(self._xxe_office(injector, burp_colab)) File...
ms17_010 exploit doesn't exist in the deps/ folder so I commented out references to it so the script will run. Additionally had to change ms08_067 to be imported from deps...
I am having the damndest time trying to unquote the URL in some requests. Any plans to add that an as option? It seems like I have to monkeypatch to...
Fixed command injection bug where a user could payload the Jupyter notebook name or md filename with something like "notebook.ipynb&&cat /etc/shadow>/public_html/index.html". ## Description ## (Brief description on what this PR...
Can we get an expected result function?
Something with the canonical_url() function in scrapy is causing all the payloads to be URL encoded which is extremely not ideal.