
cybertechajju/private_bechek


πŸ” PrivateBChecks Collection


[ Developed with ❤️ by CyberTechAjju ]

📜 Overview

A sophisticated collection of custom BCheck scripts for Burp Suite to enhance your web application security testing capabilities. These scripts automate various security checks including bypass techniques, vulnerability detection, and security control testing. Designed for professional penetration testers, bug bounty hunters, and security enthusiasts to streamline their workflow and increase efficiency.

πŸ” Collection Contents

403 & 401 Bypass Techniques

| Script | Description |
|---|---|
| 403 Bypass Comprehensive Techniques.bcheck | Comprehensive 403 bypass testing using header manipulation, URL obfuscation, method overrides, and custom headers. Implements multiple techniques in a single scan. |
| 403 401 Header Bypass via IP.bcheck | Attempts potential bypass methods to access responses originally returning 403 or 401 status codes by replacing specific headers with various IP payloads. Based on research from multiple security researchers. |
| 403-429 bypass using HTTP Header.bcheck | Attempts to bypass 403/429 using the HTTP headers with local IP address. Targets rate limiting and access control mechanisms. |

Rate Limiting & Middleware Checks

| Script | Description |
|---|---|
| Rate limiter detected.bcheck | Check response to detect the presence of different forms of rate limiter. Identifies various rate limiting implementations including those from major cloud providers. |
| CVE-2025-29927 - Nextjs middleware bypass.bcheck | Checks for differences in responses when using different x-middleware-subrequest header paths. Targets Next.js applications with potentially vulnerable middleware configurations. |

Path & File Checks

| Script | Description |
|---|---|
| Path-level.bcheck | Tests for exposed backup files with various extensions (.bak, .back, .backup, .old). Identifies potentially sensitive files that may have been left on the server. |

💻 Technical Details

How These BChecks Work

Each BCheck script follows a similar pattern:

metadata:
    language: v2-beta
    name: "Script Name"
    description: "What the script does"
    author: "CyberTechAjju"
    tags: "relevant", "tags"

define:
    # Variables and constants used in the check

run for each:
    # Arrays of values to iterate through during testing

given request/response then
    # Logic to execute the security test
    # Conditions to evaluate
    # Actions to take based on results

Advanced Features

  • Header Manipulation: Tests various HTTP headers with different payloads
  • IP Spoofing Detection: Identifies when applications trust client-provided IP addresses
  • Rate Limit Bypass: Attempts to circumvent rate limiting mechanisms
  • Path Traversal: Tests for directory traversal vulnerabilities
  • Middleware Bypass: Targets application middleware for security weaknesses

🚀 Installation

  1. Download the BCheck files from this repository
  2. Open Burp Suite Professional
  3. Navigate to the Extensions tab
  4. Select the BChecks sub-tab
  5. Click "Add" and select the downloaded BCheck files
  6. Enable the checks you want to use in your scans

💡 Usage

Basic Usage

  1. Configure your Burp Suite scan settings
  2. Ensure the relevant BChecks are enabled
  3. Start your scan against the target application
  4. Review the scan results for potential vulnerabilities

Advanced Usage

For more targeted testing:

# Example of using BChecks with Burp Suite CLI
java -jar burpsuite_pro.jar --project-file=project.burp --config-file=config.json

🔧 Customization

Each BCheck can be customized to fit your specific testing needs:

  1. Open the BCheck file in a text editor
  2. Modify the arrays of test values
  3. Adjust the severity and confidence levels
  4. Add additional test cases as needed
  5. Save and reload in Burp Suite

πŸ›‘οΈ Defensive Countermeasures

To protect against the vulnerabilities these BChecks detect:

  1. Implement proper server-side validation
  2. Don't trust client-provided headers for security decisions
  3. Use consistent access control mechanisms
  4. Properly configure rate limiting
  5. Sanitize and validate all user input
  6. Implement proper error handling
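
As an added example (not code from this repository), here is one way to apply items 2 and 3 at the edge: client-IP headers are accepted only from known proxies, the x-middleware-subrequest header is dropped from inbound traffic, and the access decision uses the resolved address. The proxy addresses, function names and IPv4-only handling are assumptions made for illustration.

```javascript
// Added example, not code from this repository. Constructed values throughout.
// Assumption: exact addresses of reverse proxies we operate ourselves.
const TRUSTED_PROXIES = new Set(['10.0.0.5', '10.0.0.6']);
// Client-IP headers are only meaningful when written by one of those proxies.
const IP_HEADERS = ['x-forwarded-for', 'x-real-ip'];
// Assumption: this runs at the edge in front of the app, where the Next.js
// internal header is never legitimate on inbound traffic.
const INTERNAL_ONLY = ['x-middleware-subrequest'];

function isIPv4(s) {
  const parts = s.split('.');
  return parts.length === 4 &&
    parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

// peerAddr is the TCP source address, the only value a client cannot forge.
function sanitizeRequest(peerAddr, headers) {
  const fromProxy = TRUSTED_PROXIES.has(peerAddr);
  const clean = {};
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (INTERNAL_ONLY.includes(key)) continue;
    if (!fromProxy && IP_HEADERS.includes(key)) continue;
    clean[key] = value;
  }
  let clientIp = peerAddr;
  if (fromProxy && typeof clean['x-forwarded-for'] === 'string') {
    const hops = clean['x-forwarded-for'].split(',').map((h) => h.trim());
    // Walk right to left: the rightmost entries were appended by our own
    // proxies; everything left of the first untrusted hop is client-supplied.
    for (let i = hops.length - 1; i >= 0; i--) {
      if (!isIPv4(hops[i])) break;
      clientIp = hops[i];
      if (!TRUSTED_PROXIES.has(hops[i])) break;
    }
  }
  return { clientIp, headers: clean };
}

// Access decision keyed on the resolved address, never on a raw header.
function isInternalCaller(peerAddr, headers) {
  return sanitizeRequest(peerAddr, headers).clientIp === '127.0.0.1';
}
```

Run the sanitizer before any routing, rate limiting or authorization logic so that every later component sees the same resolved address.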


⚠️ Disclaimer

These scripts are provided for legitimate security testing purposes only. Always ensure you have proper authorization before testing any systems. The author is not responsible for any misuse or damage caused by these scripts.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

πŸ‘¨β€πŸ’» Author

CyberTechAjju

Created with ❤️ by CyberTechAjju

Security Researcher | Bug Hunter | Penetration Tester

📄 License

This project is available for use under the MIT License.

🤝 Contributing

Contributions are welcome! If you have additional BCheck scripts or improvements to existing ones:

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request



If you find these scripts useful, please consider giving this repository a ⭐

  "The quieter you become, the more you are able to hear."
                                          - Kali Linux
  

Keep Learning Keep Hacking! 🚀
