Created
February 3, 2020 20:24
jpinkham created this gist
Feb 3, 2020
@@ -0,0 +1,1108 @@ { "project_options":{ "connections":{ "hostname_resolution":[ { } ], "out_of_scope_requests":{ "drop_all_out_of_scope":false, "exclude":[ { "enabled":true, "file":"logout", "protocol":"any" }, { "enabled":true, "file":"logoff", "protocol":"any" }, { "enabled":true, "file":"exit", "protocol":"any" }, { "enabled":true, "file":"signout", "protocol":"any" } ], "include":[], "scope_option":"suite" }, "platform_authentication":{ "credentials":[], "do_platform_authentication":true, "prompt_on_authentication_failure":false, "use_user_options":true }, "socks_proxy":{ "dns_over_socks":false, "host":"", "password":"", "port":0, "use_proxy":false, "use_user_options":true, "username":"" }, "timeouts":{ "domain_name_resolution_timeout":300000, "failed_domain_name_resolution_timeout":60000, "normal_timeout":120000, "open_ended_response_timeout":10000 }, "upstream_proxy":{ "servers":[], "use_user_options":true } }, "http":{ "redirections":{ "understand_3xx_status_code":true, "understand_any_status_code_with_location_header":false, "understand_javascript_driven":true, "understand_meta_refresh_tag":true, "understand_refresh_header":true }, "status_100_responses":{ "remove_100_continue_responses":false, "understand_100_continue_responses":true }, "streaming_responses":{ "store":true, "strip_chunked_encoding_metadata":true, "urls":[] } }, "misc":{ "collaborator_server":{ "location":"", "poll_over_unencrypted_http":false, "polling_location":"", "type":"none" }, "logging":{ "requests":{ "all_tools":"", "extender":"", "intruder":"", "proxy":"", "repeater":"", "scanner":"", "sequencer":"", "spider":"" }, "responses":{ "all_tools":"", "extender":"", "intruder":"", "proxy":"", "repeater":"", "scanner":"", "sequencer":"", "spider":"" } }, "scheduled_tasks":{ "tasks":[] } }, "sessions":{ "cookie_jar":{ "monitor_extender":false, "monitor_intruder":true, "monitor_proxy":true, "monitor_repeater":true, "monitor_scanner":false, "monitor_sequencer":false, "monitor_spider":true }, 
"macros":{ "macros":[] }, "session_handling_rules":{ "rules":[ { "actions":[ { "enabled":true, "match_cookies":"all_except", "type":"use_cookies" } ], "description":"Use cookies from Burp's cookie jar", "enabled":true, "exclude_from_scope":[], "include_in_scope":[], "named_params":[], "restrict_scope_to_named_params":false, "tools_scope":[ "Spider", "Scanner" ], "url_scope":"all" } ] } }, "ssl":{ "client_certificates":{ "certificates":[], "use_user_options":true }, "negotiation":{ "allow_unsafe_renegotiation":false, "automatically_select_compatible_ssl_parameters_on_failure":true, "enabled_ciphers":[], "enabled_protocols":[], "use_platform_default_protocols_and_ciphers":true } } }, "proxy":{ "http_history_display_filter":{ "by_annotation":{ "show_only_commented_items":false, "show_only_highlighted_items":false }, "by_file_extension":{ "hide_items":[ "js", "gif", "woff", "woff2", "jpg", "png", "css", "svg" ], "hide_specific":true, "show_items":[], "show_only_specific":false }, "by_listener":{ "port":"" }, "by_mime_type":{ "show_css":false, "show_flash":false, "show_html":true, "show_images":false, "show_other_binary":true, "show_other_text":true, "show_script":true, "show_xml":true }, "by_request_type":{ "hide_items_without_responses":false, "show_only_in_scope_items":false, "show_only_parameterized_requests":false }, "by_search":{ "case_sensitive":false, "negative_search":false, "regex":false, "term":"" }, "by_status_code":{ "show_2xx":true, "show_3xx":true, "show_4xx":true, "show_5xx":true } }, "intercept_client_requests":{ "automatically_fix_missing_or_superfluous_new_lines_at_end_of_request":false, "automatically_update_content_length_header_when_the_request_is_edited":true, "do_intercept":false, "rules":[ { "boolean_operator":"and", "enabled":true, "match_condition":"(^gif$|^jpg$|^png$|^css$|^js$|^ico$|^woff$|^svg$|^woff2$)", "match_relationship":"does_not_match", "match_type":"file_extension" }, { "boolean_operator":"or", "enabled":false, 
"match_relationship":"contains_parameters", "match_type":"request" }, { "boolean_operator":"or", "enabled":false, "match_condition":"(get|post)", "match_relationship":"does_not_match", "match_type":"http_method" }, { "boolean_operator":"and", "enabled":false, "match_relationship":"is_in_target_scope", "match_type":"url" }, { "boolean_operator":"and", "enabled":true, "match_condition":"google.com", "match_relationship":"does_not_match", "match_type":"domain_name" }, { "boolean_operator":"and", "enabled":true, "match_condition":"mozilla.org", "match_relationship":"does_not_match", "match_type":"domain_name" }, { "boolean_operator":"and", "enabled":true, "match_condition":"mozilla.net", "match_relationship":"does_not_match", "match_type":"domain_name" }, { "boolean_operator":"and", "enabled":true, "match_condition":"mozilla.com", "match_relationship":"does_not_match", "match_type":"domain_name" }, { "boolean_operator":"and", "enabled":true, "match_condition":"firefox.com", "match_relationship":"does_not_match", "match_type":"domain_name" } ] }, "intercept_server_responses":{ "automatically_update_content_length_header_when_the_response_is_edited":true, "do_intercept":true, "rules":[ { "boolean_operator":"or", "enabled":false, "match_condition":"text", "match_relationship":"matches", "match_type":"content_type_header" }, { "boolean_operator":"or", "enabled":false, "match_relationship":"was_modified", "match_type":"request" }, { "boolean_operator":"or", "enabled":false, "match_relationship":"was_intercepted", "match_type":"request" }, { "boolean_operator":"and", "enabled":false, "match_condition":"^304$", "match_relationship":"does_not_match", "match_type":"status_code" }, { "boolean_operator":"and", "enabled":false, "match_relationship":"is_in_target_scope", "match_type":"url" }, { "boolean_operator":"and", "enabled":true, "match_condition":"verisign.com", "match_relationship":"does_not_match", "match_type":"domain_name" }, { "boolean_operator":"and", "enabled":true, 
"match_condition":"google.com", "match_relationship":"does_not_match", "match_type":"domain_name" }, { "boolean_operator":"and", "enabled":true, "match_condition":"mozilla.org", "match_relationship":"does_not_match", "match_type":"domain_name" }, { "boolean_operator":"and", "enabled":true, "match_condition":"mozilla.net", "match_relationship":"does_not_match", "match_type":"domain_name" }, { "boolean_operator":"and", "enabled":true, "match_condition":"mozilla.com", "match_relationship":"does_not_match", "match_type":"domain_name" }, { "boolean_operator":"and", "enabled":true, "match_condition":"firefox.com", "match_relationship":"does_not_match", "match_type":"domain_name" } ] }, "intercept_web_sockets_messages":{ "client_to_server_messages":true, "server_to_client_messages":true }, "match_replace_rules":[ { "comment":"Emulate IE", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_match":"^User-Agent.*$", "string_replace":"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" }, { "comment":"Emulate iOS", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_match":"^User-Agent.*$", "string_replace":"User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3" }, { "comment":"Emulate Android", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_match":"^User-Agent.*$", "string_replace":"User-Agent: Mozilla/5.0 (Linux; U; Android 2.2; en-us; Droid Build/FRG22D) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" }, { "comment":"Require non-cached response", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_match":"^If-Modified-Since.*$" }, { "comment":"Require non-cached response", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_match":"^If-None-Match.*$" }, { "comment":"Hide Referer header", "enabled":false, 
"is_simple_match":false, "rule_type":"request_header", "string_match":"^Referer.*$" }, { "comment":"Require non-compressed responses", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_match":"^Accept-Encoding.*$" }, { "comment":"Ignore cookies", "enabled":false, "is_simple_match":false, "rule_type":"response_header", "string_match":"^Set-Cookie.*$" }, { "comment":"Rewrite Host header", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_match":"^Host: foo.example.org$", "string_replace":"Host: bar.example.org" }, { "comment":"Add spoofed CORS origin", "enabled":false, "is_simple_match":false, "rule_type":"request_header", "string_replace":"Origin: eeeeeevilleJP.com" }, { "comment":"Remove HSTS headers", "enabled":false, "is_simple_match":false, "rule_type":"response_header", "string_match":"^Strict\\-Transport\\-Security.*$" }, { "comment":"Disable browser XSS protection", "enabled":false, "is_simple_match":false, "rule_type":"response_header", "string_replace":"X-XSS-Protection: 0" } ], "miscellaneous":{ "allow_requests_to_web_interface_using_fully_qualified_dns_hostnames":false, "disable_logging_to_history_and_site_map":false, "disable_out_of_scope_logging_to_history_and_site_map":false, "disable_web_interface":false, "set_connection_close_header_on_requests":true, "set_connection_close_header_on_responses":false, "strip_accept_encoding_headers_in_incoming_requests":true, "strip_proxy_headers_in_incoming_requests":false, "strip_sec_websocket_extensions_headers_in_incoming_requests":false, "suppress_burp_error_messages_in_browser":false, "unpack_gzip_deflate_in_requests":false, "unpack_gzip_deflate_in_responses":true, "use_http_10_in_requests_to_server":false, "use_http_10_in_responses_to_client":false }, "request_listeners":[ { "certificate_mode":"per_host", "listen_mode":"loopback_only", "listener_port":8080, "running":true } ], "response_modification":{ "convert_https_links_to_http":false, 
"enable_disabled_form_fields":true, "highlight_unhidden_fields":true, "remove_all_javascript":false, "remove_input_field_length_limits":false, "remove_javascript_form_validation":false, "remove_object_tags":false, "remove_secure_flag_from_cookies":false, "unhide_hidden_form_fields":true }, "ssl_pass_through":{ "automatically_add_entries_on_client_ssl_negotiation_failure":false, "rules":[] }, "web_sockets_history_display_filter":{ "by_annotation":{ "show_only_commented_items":false, "show_only_highlighted_items":false }, "by_listener":{ "listener_port":"" }, "by_request_type":{ "hide_incoming_messages":false, "hide_outgoing_messages":false, "show_only_in_scope_items":false }, "by_search":{ "case_sensitive":false, "negative_search":false, "regex":false, "term":"" } } }, "repeater":{ "follow_redirections":"never", "process_cookies_in_redirections":false, "unpack_gzip_deflate":true, "update_content_length":true }, "scanner":{ "active_scanning_areas":{ "csrf":true, "external_interaction":true, "file_path_traversal":true, "header_manipulation":true, "http_header_injection":true, "input_retrieval_reflected":false, "input_retrieval_stored":false, "ldap_injection":true, "open_redirection":true, "os_command_injection":{ "blind_checks":true, "enabled":true, "informed_checks":true }, "reflected_dom_issues":true, "reflected_xss":true, "server_level_issues":true, "server_side_code_injection":true, "server_side_template_injection":true, "smtp_header_injection":true, "sql_injection":{ "boolean_condition_checks":true, "enabled":true, "error_based_checks":true, "mssql_checks":true, "mysql_checks":true, "oracle_checks":true, "time_delay_checks":true }, "stored_dom_issues":true, "stored_xss":true, "suspicious_input_transformation":true, "xml_soap_injection":true }, "active_scanning_engine":{ "do_throttle":false, "follow_redirects":true, "number_of_retries_on_failure":3, "number_of_threads":10, "pause_before_retry_on_failure":2000, "throttle_interval":500, "throttle_random":false }, 
"active_scanning_optimization":{ "intelligent_attack_selection":true, "scan_accuracy":"normal", "scan_speed":"thorough" }, "attack_insertion_points":{ "change_body_to_cookie":true, "change_body_to_url":true, "change_cookie_to_body":true, "change_cookie_to_url":true, "change_url_to_body":true, "change_url_to_cookie":true, "insert_amf_params":false, "insert_body_params":true, "insert_cookies":true, "insert_entire_body":true, "insert_http_headers":true, "insert_param_names":true, "insert_url_params":true, "insert_url_path_filename":true, "insert_url_path_folders":true, "max_insertion_points":30, "skip_all_tests_for_parameters":[], "skip_server_side_injection_for_parameters":[ { "enabled":true, "expression":"aspsessionid.*", "item":"name", "match_type":"matches_regex", "parameter":"cookie" }, { "enabled":true, "expression":"asp.net_sessionid", "item":"name", "match_type":"is", "parameter":"cookie" }, { "enabled":true, "expression":"__eventtarget", "item":"name", "match_type":"is", "parameter":"body_parameter" }, { "enabled":true, "expression":"__eventargument", "item":"name", "match_type":"is", "parameter":"body_parameter" }, { "enabled":true, "expression":"__viewstate", "item":"name", "match_type":"is", "parameter":"body_parameter" }, { "enabled":true, "expression":"__eventvalidation", "item":"name", "match_type":"is", "parameter":"body_parameter" }, { "enabled":true, "expression":"jsessionid", "item":"name", "match_type":"is", "parameter":"any_parameter" }, { "enabled":true, "expression":"cfid", "item":"name", "match_type":"is", "parameter":"cookie" }, { "enabled":true, "expression":"cftoken", "item":"name", "match_type":"is", "parameter":"cookie" }, { "enabled":true, "expression":"PHPSESSID", "item":"name", "match_type":"is", "parameter":"cookie" }, { "enabled":true, "expression":"session_id", "item":"name", "match_type":"is", "parameter":"cookie" } ], "use_nested_insertion_points":true }, "live_active_scanning":{ "exclude":[ { "enabled":true, "file":"logout", 
"protocol":"any" }, { "enabled":true, "file":"logoff", "protocol":"any" }, { "enabled":true, "file":"exit", "protocol":"any" }, { "enabled":true, "file":"signout", "protocol":"any" } ], "include":[], "scope_option":"none" }, "live_passive_scanning":{ "exclude":[ { "enabled":true, "file":"logout", "protocol":"any" }, { "enabled":true, "file":"logoff", "protocol":"any" }, { "enabled":true, "file":"exit", "protocol":"any" }, { "enabled":true, "file":"signout", "protocol":"any" } ], "include":[], "scope_option":"suite" }, "passive_scanning_areas":{ "asp_net_viewstate":true, "caching":true, "cookies":true, "forms":true, "frameable_responses":true, "headers":true, "information_disclosure":true, "links":true, "mime_type":true, "parameters":true, "server_level_issues":true }, "scan_queue":{ "hide_finished_items":true }, "static_code_analysis":{ "max_time_per_item":120, "mode":"none" } }, "sequencer":{ "live_capture":{ "ignore_abnormal_length_tokens":true, "max_length_deviation":5, "num_threads":5, "throttle":0 }, "token_analysis":{ "compression":true, "correlation":true, "count":true, "fips_long_run":true, "fips_monobit":true, "fips_poker":true, "fips_runs":true, "spectral":true, "transitions":true }, "token_handling":{ "base_64_decode_before_analyzing":false, "pad_short_tokens_at":"start", "pad_with":"0" } }, "spider":{ "application_login":{ "mode":"never", "password":"", "username":"" }, "crawler":{ "check_robots_text":true, "detect_custom_not_found_responses":true, "ignore_links_to_non_text_content":true, "make_non_parameterized_request_to_dynamic_pages":true, "max_link_depth":7, "max_parameterized_requests_per_url":50, "request_root_of_all_directories":true }, "engine":{ "add_random_variation_to_throttle":false, "number_of_retries_on_failure":2, "number_of_threads":10, "pause_before_retry_on_failure":2000, "throttle_between_requests":false, "throttle_interval":0 }, "form_submission":{ "default_auto_fill_value":"[email protected]", 
"individuate_forms_by":"action_url_method_and_fields", "iterate_all_values_of_submit_fields":true, "max_submissions_per_form":10, "mode":"automatic", "param_auto_fill_rules":[ { "enabled":true, "field_name":"mail", "field_value":"[email protected]", "match_type":"regex" }, { "enabled":true, "field_name":"first", "field_value":"Peter", "match_type":"regex" }, { "enabled":true, "field_name":"last", "field_value":"Winter", "match_type":"regex" }, { "enabled":true, "field_name":"surname", "field_value":"Winter", "match_type":"regex" }, { "enabled":true, "field_name":"name", "field_value":"Peter Winter", "match_type":"regex" }, { "enabled":true, "field_name":"comp", "field_value":"Winter Consulting", "match_type":"regex" }, { "enabled":true, "field_name":"addr", "field_value":"1 Main Street", "match_type":"regex" }, { "enabled":true, "field_name":"city", "field_value":"Winterville", "match_type":"regex" }, { "enabled":true, "field_name":"state", "field_value":"WI", "match_type":"regex" }, { "enabled":true, "field_name":"zip", "field_value":"36310", "match_type":"regex" }, { "enabled":true, "field_name":"post", "field_value":"SW1A 1AA", "match_type":"regex" }, { "enabled":true, "field_name":"area", "field_value":"555", "match_type":"regex" }, { "enabled":true, "field_name":"phone", "field_value":"555-555-0199", "match_type":"regex" }, { "enabled":true, "field_name":"tel", "field_value":"555-555-0199", "match_type":"regex" }, { "enabled":true, "field_name":"ssn", "field_value":"123 45 6789", "match_type":"regex" }, { "enabled":true, "field_name":"social", "field_value":"123 45 6789", "match_type":"regex" }, { "enabled":true, "field_name":"age", "field_value":"30", "match_type":"regex" }, { "enabled":true, "field_name":"day", "field_value":"01", "match_type":"regex" }, { "enabled":true, "field_name":"month", "field_value":"01", "match_type":"regex" }, { "enabled":true, "field_name":"year", "field_value":"1980", "match_type":"regex" }, { "enabled":true, 
"field_name":"passport", "field_value":"0123456789", "match_type":"regex" } ], "set_unmatched_fields":true }, "passive_spidering":{ "link_depth_to_associate_with_proxy_requests":0, "passively_spider_as_you_browse":true }, "request_headers":{ "custom_headers":[ "Accept: */*", "Accept-Language: en", "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; APPSEC_TEST_JP)", "Connection: close" ], "use_http_11":true, "use_referer":true }, "scope":{ "exclude":[ { "enabled":true, "file":"logout", "protocol":"any" }, { "enabled":true, "file":"logoff", "protocol":"any" }, { "enabled":true, "file":"exit", "protocol":"any" }, { "enabled":true, "file":"signout", "protocol":"any" } ], "include":[], "scope_option":"suite" } }, "target":{ "filter":{ "by_annotation":{ "show_only_commented_items":false, "show_only_highlighted_items":false }, "by_file_extension":{ "hide_items":[ "js", "gif", "woff", "woff2", "jpg", "png", "css", "svg" ], "hide_specific":true, "show_items":[], "show_only_specific":false }, "by_folders":{ "hide_empty_folders":false }, "by_mime_type":{ "show_css":false, "show_flash":false, "show_html":true, "show_images":false, "show_other_binary":true, "show_other_text":true, "show_script":true, "show_xml":true }, "by_request_type":{ "hide_not_found_items":false, "show_only_in_scope_items":false, "show_only_parameterized_requests":false, "show_only_requested_items":false }, "by_search":{ "case_sensitive":false, "negative_search":false, "regex":false, "term":"" }, "by_status_code":{ "show_2xx":true, "show_3xx":true, "show_4xx":true, "show_5xx":true } }, "scope":{ "advanced_mode":true, "exclude":[ { "enabled":true, "file":"logout", "protocol":"any" }, { "enabled":true, "file":"logoff", "protocol":"any" }, { "enabled":true, "file":"exit", "protocol":"any" }, { "enabled":true, "file":"signout", "protocol":"any" }, { "enabled":true, "host":".*mozilla.com", "protocol":"any" }, { "enabled":true, "host":".*mozilla.net", "protocol":"any" }, { "enabled":true, 
"host":".*mozilla.org", "protocol":"any" }, { "enabled":true, "host":".*assets.adobetm.com", "protocol":"any" }, { "enabled":true, "host":".*optimizely.com", "protocol":"any" }, { "enabled":true, "host":".*google.*.com", "protocol":"any" }, { "enabled":true, "host":".*chartbeats.com", "protocol":"any" }, { "enabled":true, "host":".*smetrics.*.com", "protocol":"any" }, { "enabled":true, "host":".*2O7.net", "protocol":"any" }, { "enabled":true, "host":".*brightcove.net", "protocol":"any" }, { "enabled":true, "file":"^/.*", "host":"^detectportal\\.firefox\\.com$", "port":"^80$", "protocol":"http" } ], "include":[ ] } } }
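Review bot: Several `target.scope.exclude` host patterns near the end of the hunk look misspelled — `.*assets.adobetm.com`, `.*chartbeats.com` and `.*2O7.net` (capital O) — so they would not match the third-party analytics hosts they appear meant to keep out of scope (assets.adobedtm.com, chartbeat.com, 2o7.net, unless Burp matches host patterns case-insensitively), and with `scope_option` set to `suite` those hosts would then be eligible for spidering and scanning. Since unintended traffic to third parties is the main operational risk of a scope file, each pattern should be checked against the live hostnames before the file is imported, and the dots escaped as the final `detectportal` entry already does: `"host":".*assets\\.adobedtm\\.com"`, `"host":".*chartbeat\\.com"`, `"host":".*2o7\\.net"`. The unescaped `.` in the other host entries (e.g. `.*google.*.com`) matches any character rather than a literal dot; for an exclusion list that only widens what is excluded, but it is inconsistent with the escaped entry and worth normalising. Separately, the two `[email protected]` values under `spider.form_submission` are almost certainly the page's email-obfuscation artifact rather than the committed text, so anyone importing this file should take the real auto-fill address from the raw file, not from this rendering.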