off-by-slash

A Burp Suite extension that detects NGINX alias traversal vulnerabilities by analyzing HTTP traffic patterns to identify path traversal misconfigurations.

Vulnerability Management
Free
off-by-slash Description

off-by-slash is a Burp Suite extension that identifies alias traversal vulnerabilities in NGINX configurations through automated analysis of HTTP requests and responses. The extension operates by examining web traffic patterns to detect potential path traversal issues that arise from NGINX alias directive misconfigurations. These misconfigurations can allow attackers to access files and directories outside of the intended web root. The tool integrates directly with Burp Suite's proxy functionality, enabling security professionals to test NGINX configurations at scale during web application assessments. It analyzes server responses to identify indicators of successful alias traversal attempts. The extension focuses specifically on NGINX server configurations and their potential security weaknesses related to file path handling and directory access controls.
