off-by-slash is a Burp Suite extension that identifies alias traversal vulnerabilities in NGINX configurations through automated analysis of HTTP requests and responses. The extension operates by examining web traffic patterns to detect potential path traversal issues that arise from NGINX alias directive misconfigurations. These misconfigurations can allow attackers to access files and directories outside of the intended web root. The tool integrates directly with Burp Suite's proxy functionality, enabling security professionals to test NGINX configurations at scale during web application assessments. It analyzes server responses to identify indicators of successful alias traversal attempts. The extension focuses specifically on NGINX server configurations and their potential security weaknesses related to file path handling and directory access controls.