There's a BApp for that: AutoRepeater

Updated: Jul 8, 2022

Automating Privilege Escalations, Forced Browsing, XXE fingerprinting, and more!

Zachary Stashis


(1) Installation

Extender > BApp Store > Auto Repeater > Select "Install"

(2) Usage

Navigate to the "AutoRepeater" Tab

Add "Base Replacements" (the match-and-replace rules that AutoRepeater applies to every request passing through Burp)

(3) Example 1: Privilege Escalation (replaces every "false" in the request with "true")

(4) Example 2: XXE (changes the Content-Type from JSON to XML to see whether the server accepts the changed content type, which reveals potential XXE insertion points)

(5) Example 3: Access Control (testing by replacing UUIDs)

(6) Example 4: Match and Replace Cookies (swap in the session of a different account to check for privilege escalation, forced browsing and more)

(7) Enabling the tool:



Now just crawl the site as you normally would: for every request you send, the extension replays a modified copy per rule you set, as separate requests, and shows you the original and modified responses side by side:
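To make the four rule types above concrete, here is an added, offline model of what AutoRepeater does with a "Base Replacement": it takes a raw request, applies each match-and-replace rule to the header block or body, and classifies the replayed response against the baseline so an authorization check can be confirmed as enforced (a swapped session or UUID should be rejected, not served identically). This is example code written for this post, not the extension's own implementation; the request, UUIDs, session values and responses are constructed placeholders, and the `Rule` class and `compare` verdicts are this example's own design.

```python
"""Offline model of AutoRepeater-style "Base Replacement" rules (constructed example)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    where: str          # "header" or "body": which part of the request to edit
    match: str          # literal text, or a regex when regex=True
    replace: str        # replacement text
    regex: bool = False


def split_message(raw: str):
    """Split a raw HTTP/1.1 message into its header block and body."""
    head, _, body = raw.partition("\r\n\r\n")
    return head, body


def _subst(text: str, rule: Rule) -> str:
    if rule.regex:
        return re.sub(rule.match, rule.replace, text)
    return text.replace(rule.match, rule.replace)


def apply_rules(raw_request: str, rules) -> str:
    """Return a copy of raw_request with every rule applied in order."""
    head, body = split_message(raw_request)
    for rule in rules:
        if rule.where == "header":
            head = _subst(head, rule)
        elif rule.where == "body":
            body = _subst(body, rule)
        else:
            raise ValueError(f"unknown rule target: {rule.where}")
    return head + "\r\n\r\n" + body


def status_of(raw_response: str) -> int:
    """Extract the status code from the response's status line."""
    return int(raw_response.split("\r\n", 1)[0].split(" ")[1])


def compare(baseline_response: str, modified_response: str) -> str:
    """Classify the replayed response: 'rejected' (authz held), 'identical'
    (the change had no effect, worth a closer look) or 'different'."""
    if status_of(modified_response) in (401, 403):
        return "rejected"
    _, base_body = split_message(baseline_response)
    _, mod_body = split_message(modified_response)
    if status_of(modified_response) == status_of(baseline_response) and base_body == mod_body:
        return "identical"
    return "different"


# Constructed sample request (placeholder host, UUID and session values).
BASE_REQUEST = (
    "PUT /api/users/3f2a9c1e-0000-4000-8000-000000000001/role HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Cookie: session=USER_A_SESSION\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"admin": false}'
)

# One rule per example from the post.
RULES = [
    Rule("body", "false", "true"),                                   # Example 1
    Rule("header", "application/json", "application/xml"),           # Example 2
    Rule("header", r"/users/[0-9a-f-]{36}/",                         # Example 3
         "/users/3f2a9c1e-0000-4000-8000-000000000002/", regex=True),
    Rule("header", "session=USER_A_SESSION", "session=USER_B_SESSION"),  # Example 4
]

# Constructed responses: the baseline succeeds, the replay is refused.
BASELINE_RESPONSE = 'HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{"ok": true}'
REPLAY_RESPONSE = 'HTTP/1.1 403 Forbidden\r\nContent-Type: application/json\r\n\r\n{"error": "forbidden"}'

if __name__ == "__main__":
    print(apply_rules(BASE_REQUEST, RULES))
    print("verdict:", compare(BASELINE_RESPONSE, REPLAY_RESPONSE))
```

In the real extension the replay is sent live and you read the two responses in the results pane; the point of `compare` is the reading discipline: a `rejected` verdict is what a correctly enforced check looks like, while `identical` on a swapped session, swapped UUID or flipped flag is the result that needs investigation.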

