There's a BApp for that: AutoRepeater

Updated: Jul 8

Automating Privilege Escalations, Forced Browsing, XXE fingerprinting, and more!

Zachary Stashis



Contents:

  1. Installation

  2. Usage

  3. Example 1: Privilege Escalation (replaces all false to true)

  4. Example 2: XXE (changes json to xml to see if the website accepts the content type change for potential XXE insertion points)

  5. Example 3: Access Control (testing by replacing UUID's)

  6. Example 4: Match and Replace Cookies (for different accounts to check for privilege escalation, forced browsing, and more..)

  7. Enable the tool:


(1) Installation

Extender > BApp Store > Auto Repeater > Select "Install"


(2) Usage

Navigate to the "AutoRepeater" Tab


Add "Base Replacements"


(3) Example 1: Privilege Escalation (replaces all false to true)


(4) Example 2: XXE (changes json to xml to see if the website accepts the content type change for potential XXE insertion points)


(5) Example 3: Access Control (testing by replacing UUID's)


(6) Example 4: Match and Replace Cookie's (for different accounts to check for privilege escalation, forced browsing and more..)


(7) Enabling the tool:


(off)


(on)


Now just crawl the site as you normally would, and this tool will do all the rules you set as separate requests and give you the results:


115 views0 comments

Recent Posts

See All