off-by-slash is a Burp Suite extension that identifies alias traversal vulnerabilities in NGINX configurations through automated analysis of HTTP requests and responses. The extension operates by examining web traffic patterns to detect potential path traversal issues that arise from NGINX alias directive misconfigurations. These misconfigurations can allow attackers to access files and directories outside of the intended web root. The tool integrates directly with Burp Suite's proxy functionality, enabling security professionals to test NGINX configurations at scale during web application assessments. It analyzes server responses to identify indicators of successful alias traversal attempts. The extension focuses specifically on NGINX server configurations and their potential security weaknesses related to file path handling and directory access controls.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
QIRA is a competitor to strace and gdb with MIT license, supporting Ubuntu and Docker for wider compatibility.
A brute-force protection middleware for express routes that rate-limits incoming requests.
A plugin for viewing, detecting weak configurations, and generating Content Security Policy headers.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.
SearchCode is an extensive code search engine that indexes 75 billion lines of code from millions of projects to help developers find coding examples and libraries.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
An open-source tool that automates the detection and analysis of DLL hijacking vulnerabilities in Windows applications, providing detailed reports and remediation guidance.