Awesome

Signatures - Length extension attacks in Burp Suite

Burp Suite extension to perform hash length extension attacks on weak signature mechanisms.

Use cases

Cryptopals
Stripe CTF
My own vulnerable app

Examples

Signatures tabs.

Signatures tab

Extension-generated Intruder payloads will be available after messages and hashes are generated on the Signatures tab. Remember to disable URL-encoding for messages (as below).

Signatures payloads

Attack results.

Attack results

TODO

RIPEMD
Whirlpool
Tab for HMAC generation
Fix copy message button when padding has line breaks