Blazor Traffic Processor

A penetration testing tool that enables security assessment of Blazor Server applications by converting BlazorPack serialized messages to human-readable JSON format and back. This extension makes it possible to inspect, modify, and tamper with Blazor Server communications that would otherwise be opaque binary data.

Features

• Converts BlazorPack messages to JSON and back
• Highlights BlazorPack traffic in HTTP history
• Editor tabs for modifying messages in-line (requires in-scope traffic)
• Standalone conversion tab for manual processing
• Automatically downgrades WebSocket connections to HTTP

Usage

1. Add the Blazor Server application to your target scope
2. Navigate to the Blazor Server application through the proxy
3. BlazorPack-enabled requests and responses will automatically appear highlighted in cyan in the HTTP History
4. Click the "BTP" tab on in-scope requests or responses containing BlazorPack data to view the JSON representation
5. Modify the JSON as needed for your security testing
6. Switch to the "Raw" tab to re-serialize your modifications back to BlazorPack format
7. Use the dedicated "BTP" suite tab for standalone conversions between formats
8. Right-click any request or response and select "Extensions → Blazor Traffic Processor → Send body to BTP tab" to quickly transfer message bodies for analysis