Comments (2)
Hey @ngkogkos,
I've honestly never used Burp's collaborator functionality so I'm unsure of how AutoRepeater would fit into it. Could you please explain in more detail how some functionality within AutoRepeater could integrate with Burp's collaborator?
Thanks,
Justin
Hi Justin,
Thanks for the quick reply.
We use collaborator a lot internally to identify any out-of-band or other weird vulnerabilities. Sometimes it helped me exploit complex SQLis or other injections as well.
It could work in a similar fashion to the Burp Collaborator client. It could basically generate unique subdomains which the collaborator server can track, and if any interaction happens with them, AutoRepeater/Burp would know this and display an issue under the site's target issues, if that makes sense.
Active Scanner does something similar: it injects command injection payloads, SQLi payloads, etc., that contain DNS resolution commands or HTTP/SMTP requests to the collaborator domain. This can be tracked by the Burp client, and it knows which payload worked. Using the Flow plugin, filter by Active Scanner and you can see such payloads.
Note that people can either use PortSwigger's free collaborator or set up a private one.
So AutoRepeater could have a check option which, when enabled for a replacements "tab" or payload, would replace a placeholder such as COLLAB with unique collaborator subdomains and track any interactions.
PS: Something to consider: adding collaborator functionality may require the plugin to become a Pro-only plugin, although I am not certain of this.
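As an added illustration of the mechanism sketched in the comment above (not code from AutoRepeater or from either commenter), this hypothetical helper uses the legacy Burp Extender API to swap each `COLLAB` placeholder for its own Collaborator subdomain and later report which injection points were contacted; it assumes it runs inside Burp, which supplies the `IBurpExtenderCallbacks` object, and the class and rule names are invented.

```java
package burp;

import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Hypothetical helper: each COLLAB occurrence gets a distinct payload so a
// later DNS/HTTP/SMTP interaction can be attributed to one exact injection point.
// Works with whichever Collaborator server Burp is configured to use
// (PortSwigger's public one or a private deployment).
public class CollabPlaceholderReplacer {
    private static final String PLACEHOLDER = "COLLAB";
    private final IBurpCollaboratorClientContext ctx;
    // bare payload id -> label of the rule/occurrence it was injected for
    private final Map<String, String> issued = new LinkedHashMap<>();

    public CollabPlaceholderReplacer(IBurpExtenderCallbacks callbacks) {
        this.ctx = callbacks.createBurpCollaboratorClientContext();
    }

    // Replace every COLLAB in the raw request bytes; ISO-8859-1 keeps the
    // round-trip byte-exact, which matters for binary bodies.
    public byte[] insertPayloads(byte[] request, String ruleName) {
        String text = new String(request, StandardCharsets.ISO_8859_1);
        StringBuilder out = new StringBuilder();
        int from = 0, idx, n = 0;
        while ((idx = text.indexOf(PLACEHOLDER, from)) >= 0) {
            String id = ctx.generatePayload(false);           // unique id only
            String host = id + "." + ctx.getCollaboratorServerLocation();
            issued.put(id, ruleName + " #" + (++n));
            out.append(text, from, idx).append(host);
            from = idx + PLACEHOLDER.length();
        }
        out.append(text.substring(from));
        return out.toString().getBytes(StandardCharsets.ISO_8859_1);
    }

    // Poll the Collaborator server; one line per interaction, naming the
    // injection point, interaction type and the client that reached out.
    public List<String> pollInteractions() {
        List<String> hits = new ArrayList<>();
        for (Map.Entry<String, String> e : issued.entrySet()) {
            for (IBurpCollaboratorInteraction i : ctx.fetchCollaboratorInteractionsFor(e.getKey())) {
                hits.add(e.getValue() + " -> " + i.getProperty("type")
                        + " from " + i.getProperty("client_ip")
                        + " at " + i.getProperty("time_stamp"));
            }
        }
        return hits;
    }
}
```

Interactions are only reported if the target actually reaches the Collaborator server, so a missing hit does not prove the injection point is safe; egress filtering on the target side suppresses the signal.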