Automating Privilege Escalations, Forced Browsing, XXE fingerprinting, and more!
Zachary Stashis
Contents:
(1) Installation
Extender > BApp Store > Auto Repeater > Select "Install"
(2) Usage
Navigate to the "AutoRepeater" Tab
Add "Base Replacements"
(3) Example 1: Privilege Escalation (replaces all false to true)
(4) Example 2: XXE (changes json to xml to see if the website accepts the content type change for potential XXE insertion points)
(5) Example 3: Access Control (testing by replacing UUID's)
(6) Example 4: Match and Replace Cookie's (for different accounts to check for privilege escalation, forced browsing and more..)
(7) Enabling the tool:
(off)
(on)
Now just crawl the site as you normally would, and this tool will do all the rules you set as separate requests and give you the results: