Burp Suite extension for encoding/decoding EVM calldata

Overview

unblocker

Burp Suite extension for encoding/decoding EVM calldata

0x00_prerequisites

  1. Burp Suite
  2. Java 8+
  3. Python 2.7

0x01_installation

  1. clone this repository
  2. in Burp, go to Extender->Options
    1. in the Java Environment section add /unblocker/ as "Folder for loading library JAR files"
    2. in the Python Environment section:
    3. add /unblocker/jython-standalone-2.7.2.jar as "Location of Jython standalone JAR file"
    4. add /unblocker/src/lib as "Folder for loading modules"
  3. in Burp, go to Extender->Extensions
    1. click "Add" in the Burp Extensions section and select /unblocker/unblocker.py as "Extension file (.jar)"--Burp will detect the filetype automatically
    2. confirm the installation by approving all subsequent modal windows

0x02_usage

Unblocker features ABI-less EVM calldata decoding but you can also provide the ABI yourself if you know it. Encoding does require you to provide some ABI.

  • ABI has to be provided like so: transfer(address, uint256).
  • Input data (for decoding) can be provided with or without 0x prepended.
  • Input data strings (for encoding) have to be provided like so: "s'hello, world'"
  • Input data bytes (for encoding) have to be provided like so: "b'deadbeef'"
  • Input data structs (for encoding) have to be provided with square brackets instead of parenthesis, like so: ["s'some string'", true, 123]
You might also like...
log4j2 passive burp rce scanning tool get post cookie full parameter recognition
log4j2 passive burp rce scanning tool get post cookie full parameter recognition

log4j2_burp_scan 自用脚本log4j2 被动 burp rce扫描工具 get post cookie 全参数识别,在ceye.io api速率限制下,最大线程扫描每一个参数,记录过滤已检测地址,重复地址 token替换为你自己的http://ceye.io/ token 和域名地址

PortSwigger Burp Plugin for the Log4j (CVE-2021-44228)

yLog4j This is Y-Sec's @PortSwigger Burp Plugin for the Log4j CVE-2021-44228 vulnerability. The focus of yLog4j is to support mass-scanning of the Log

This a simple tool XSS Detection Suite for CTFs games
This a simple tool XSS Detection Suite for CTFs games

This a simple tool XSS Detection Suite for CTFs games

Scout Suite - an open source multi-cloud security-auditing tool,
Scout Suite - an open source multi-cloud security-auditing tool,

Description Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using t

A DOM-based G-Suite password sprayer and user enumerator

A DOM-based G-Suite password sprayer and user enumerator

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).

Flask-SeaSurf SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF). CSRF vulnerabilities have been found in large and popular

A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks
A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks

5GC_API_parse Description 5GC API parse is a BurpSuite extension allowing to assess 5G core network functions, by parsing the OpenAPI 3.0 not supporte

🐝 ℹ️ Honeybee extension for export to IES-VE gem file format
🐝 ℹ️ Honeybee extension for export to IES-VE gem file format

honeybee-ies Honeybee extension for export a HBJSON file to IES-VE GEM file format Installation pip install honeybee-ies QuickStart import pathlib fro

BurpSuite Extension: Log4j RCE Scanner
BurpSuite Extension: Log4j RCE Scanner

BurpSuite Extension: Log4j RCE Scanner

Owner
Halborn
ELITE CYBERSECURITY FOR BLOCKCHAIN COMPANIES
Halborn
A simple Burp Suite extension to extract datas from source code

DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas

Gwendal Le Coguic 86 Dec 31, 2022
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works

Krypt0mux 162 Nov 25, 2022
About Hive Burp Suite Extension

Hive Burp Suite Extension Description Hive extension for Burp Suite. This extension allows you to send data from Burp to Hive in one click. Create iss

null 7 Dec 7, 2022
A burp-suite plugin that extract all parameter names from in-scope requests

ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe

null 29 Nov 9, 2022
A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.

BurpParamFlagger A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF

Allyson O'Malley 118 Nov 7, 2022
A tool to find good RCE From my series: A powerful Burp extension to make bounties rain

A tool to find good RCE From my series: A powerful Burp extension to make bounties rain

null 52 Dec 16, 2022
The disassembler parses evm bytecode from the command line or from a file.

EVM Bytecode Disassembler The disassembler parses evm bytecode from the command line or from a file. It does not matter whether the bytecode is prefix

alpharush 22 Dec 27, 2022
xp_CAPTCHA(白嫖版) burp 验证码 识别 burp插件

xp_CAPTCHA(白嫖版) 说明 xp_CAPTCHA (白嫖版) 验证码识别 burp插件 安装 需要python3 小于3.7的版本 安装 muggle_ocr 模块(大概400M左右) python3 -m pip install -i http://mirrors.aliyun.com/

算命縖子 588 Jan 9, 2023
Burp Extensions

Burp Extensions This is a collection of extensions to Burp Suite that I have written. getAllParams.py - Version 1.2 This is a python extension that ru

/XNL-h4ck3r 364 Dec 30, 2022
log4j burp scanner

log4jscanner log4j burp插件 特点如下: 0x01 基于Cookie字段、XFF头字段、UA头字段发送payload 0x02 基于域名的唯一性,将host带入dnslog中 插件主要识别五种形式: 1.get请求,a=1&b=2&c=3 2.post请求,a=1&b=2&c=

null 1 Jun 30, 2022