# burp_mirror_gui

**Repository Path**: xssor/burp_mirror_gui

## Basic Information

- **Project Name**: burp_mirror_gui
- **Description**: Burp multi-instance management tool. Combined with jsforward or mitmdump, it addresses the following problems: 1. Where encryption/decryption or anti-replay defenses are in place, live traffic still needs to be tested for privilege escalation, unauthorized access, business logic vulnerabilities, session vulnerabilities and similar issues. 2. Too much traffic in Logger is sometimes confusing or error-prone. 3. Ignores replay mechanisms (timestamps, nonces, etc.). 4. Real-time traffic comparison. 5. Parallel analysis of privilege escalation, session, business logic and other vulnerabilities.
- **Primary Language**: Python
- **License**: MIT-0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2025-11-27
- **Last Updated**: 2025-11-27

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

Burp Multiple Instance Management Tool

This solution, when combined with jsforward or mitmdump, effectively addresses the following pain points in penetration testing:

1. Enables real-time testing for privilege escalation, unauthorized access, business logic vulnerabilities, and session-related flaws, even under encryption/decryption or replay-prevention mechanisms.
2. Resolves traffic clutter and errors in Burp Logger caused by excessive data volume.
3. Bypasses replay-prevention mechanisms (e.g., timestamps, nonces).
4. Supports real-time traffic comparison.
5. Facilitates parallel analysis of privilege escalation, session vulnerabilities, business logic flaws, and more.
6. Eliminates encryption barriers through integration with jsforward or mitmdump.
7. Reduces the tedious manual replay operations in Burp Repeater.
8. Overcomes the limitation of Burp's upstream proxy: while the default setup forwards traffic from Burp's 8080 port to another instance's 8081 port, it only forwards data sent to the server. This tool captures traffic before the "Forward" action (i.e., pre-forward traffic) as required.