Burp Suite Plugin to detect Directory Traversal vulnerabilities
Requirements
Installation from GitHub
Extender > Add .jar file

A Mutator runs against every request seen by Burp Suite (e.g. proxy, repeater, scanner), generating a number of candidate URLs, each with a payload appended. These are passed to the Executor and Detector classes to determine whether one of the detection techniques was successful.
This plugin uses two main techniques to identify directory traversal vulnerabilities:
i) Using predefined payloads specified in payloads.list, which are fetched at runtime from GitHub and matched against regex.list
ii) Still in development. The aim is to detect same-response requests such as /static/css/main.css/ and /static/../static/css/main.css with minimal false positives, and also to apply techniques similar to those found in CVE-2020-5902 and CVE-2020-15506
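A sketch of the same-response comparison from technique ii, added here as an example and not taken from the plugin's code. The function names, the control request for a path that should not exist (used to rule out catch-all pages), and the sample responses are all assumptions made for illustration.

```python
import hashlib
import posixpath
from typing import NamedTuple, Optional

class Response(NamedTuple):
    status: int
    body: bytes

def fingerprint(resp: Response) -> tuple:
    """Status plus body hash; headers such as Date differ on every request."""
    return (resp.status, hashlib.sha256(resp.body).hexdigest())

def dot_segment_variant(path: str) -> Optional[str]:
    """/static/css/main.css -> /static/../static/css/main.css"""
    parts = path.split("/")
    if len(parts) < 3 or parts[0] != "" or parts[1] in ("", ".", ".."):
        return None  # needs an absolute path with at least one directory
    variant = "/%s/../%s" % (parts[1], "/".join(parts[1:]))
    # Sanity check: the variant must normalise back to the original path.
    if posixpath.normpath(variant) != posixpath.normpath(path):
        return None
    return variant

def classify(baseline: Response, variant: Response, control: Response) -> str:
    """Compare the original response, the dot-segment variant and a control.

    control is the response for a path that should not exist (hypothetical
    extra request); if it matches too, the server answers everything alike.
    """
    if baseline.status != 200 or not baseline.body:
        return "skip"            # nothing stable to compare against
    if fingerprint(variant) != fingerprint(baseline):
        return "different"       # dot segments rejected or routed elsewhere
    if fingerprint(control) == fingerprint(baseline):
        return "inconclusive"    # catch-all page, would be a false positive
    return "same-response"       # dot segments resolved to the same resource

# Constructed sample responses, not captured from a real server.
CSS = Response(200, b"body{margin:0}")
NOT_FOUND = Response(404, b"not found")
SHELL = Response(200, b"<html>app shell</html>")
SAMPLES = {
    "resolves": (CSS, CSS, NOT_FOUND),
    "rejects": (CSS, Response(400, b"bad request"), NOT_FOUND),
    "catch_all": (SHELL, SHELL, SHELL),
}

def run_samples() -> dict:
    return {name: classify(*triple) for name, triple in SAMPLES.items()}
```

A "same-response" result only shows that dot segments are being resolved somewhere between the client and the file, so it marks a request for closer review and is not a finding by itself.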