There's a BApp for that: AutoRepeater

Updated: Jul 8, 2022

Automating Privilege Escalations, Forced Browsing, XXE fingerprinting, and more!

Zachary Stashis



Contents:


(1) Installation

Extender > BApp Store > Auto Repeater > Select "Install"


(2) Usage

Navigate to the "AutoRepeater" Tab


Add "Base Replacements"


(3) Example 1: Privilege Escalation (replaces every false with true)


(4) Example 2: XXE (changes the content type from JSON to XML to see whether the website accepts the change, which points to potential XXE insertion points)


(5) Example 3: Access Control (testing by replacing UUIDs)


(6) Example 4: Match and Replace Cookies (for different accounts, to check for privilege escalation, forced browsing and more)


(7) Enabling the tool:


(off)


(on)


Now just crawl the site as you normally would. The tool replays your traffic with each rule you set applied as a separate request and gives you the results.
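
As an added illustration (not code from this post or from the AutoRepeater project), the Python sketch below applies one match-and-replace rule per example above to a constructed request and lists the lines each replayed copy changes. The request, the rule patterns and the replacement values are assumptions, and recomputing Content-Length is this sketch's own choice, not a statement about how the extension behaves.

```python
import re

# Constructed sample request (not captured traffic); host, path, IDs and cookies are made up.
BODY = '{"displayName": "alice", "isAdmin": false}'
SAMPLE_REQUEST = (
    "POST /api/users/3f2b8c1e-5d4a-4e7b-9c6f-1a2b3c4d5e6f/profile HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Cookie: session=USER_A_SESSION\r\n"
    "Content-Type: application/json\r\n"
    f"Content-Length: {len(BODY)}\r\n"
    "\r\n" + BODY
)
UUID_RE = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"

# One rule per example in the post: (label, match regex, replacement). Values are assumptions.
RULES = [
    ("false -> true", r"\bfalse\b", "true"),
    ("json -> xml content type", r"application/json", "application/xml"),
    ("swap UUID", UUID_RE, "00000000-0000-4000-8000-000000000000"),
    ("swap session cookie", r"session=[^;\r\n]+", "session=USER_B_SESSION"),
]

def fix_content_length(request):
    """Recompute Content-Length so a body edit does not leave a stale header."""
    head, sep, body = request.partition("\r\n\r\n")
    size = str(len(body.encode()))
    head = re.sub(r"(?im)^(Content-Length:\s*)\d+", lambda m: m.group(1) + size, head)
    return head + sep + body

def build_replays(request, rules=RULES):
    """Apply each rule on its own to the original request.
    Returns {label: modified request}; rules that change nothing yield no replay."""
    replays = {}
    for label, pattern, replacement in rules:
        modified = re.sub(pattern, replacement, request)
        if modified != request:
            replays[label] = fix_content_length(modified)
    return replays

def changed_lines(original, modified):
    """Pair up the lines that differ between the original and a replayed request."""
    pairs = zip(original.split("\r\n"), modified.split("\r\n"))
    return [(before, after) for before, after in pairs if before != after]

if __name__ == "__main__":
    for label, replay in build_replays(SAMPLE_REQUEST).items():
        print(f"[{label}]")
        for before, after in changed_lines(SAMPLE_REQUEST, replay):
            print(f"  - {before}\n  + {after}")
```

Reviewing the per-rule changes like this before enabling the tool helps confirm that each rule touches only the field it was written for.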

