PortSwigger/ws-security

 
 

Burp WS-Security

This extension calculates a valid WS-Security token for every request (in Proxy, Scanner, Intruder, Repeater, Sequencer, Extender) and replaces variables in these requests with the valid token. It follows the Web Services Security (WS-Security, WSS) specification published by OASIS.

Using Burp WS-Security

  • This extension only changes requests that target in-scope items, so you need to add the target to the scope.
  • Go to the WSSecurity tab, fill in the password field, and choose whether the nonce should be base64 encoded or not.
  • Click “Turn WS-Security ON”. From now on, a valid security token is created for every request in scope.
  • In your request:
      #WS-SecurityPasswordDigest will be replaced by the Password Digest
      #WS-SecurityNonce will be replaced by the Nonce
      #WS-SecurityCreated will be replaced by the correct time
      #WS-SecurityUUID will be replaced by a random UUID
  • The extension logs every request after the change in the Extender UI, in case you need to debug.