top of page

There's a BApp for that: AutoRepeater

Updated: Jul 8, 2022

Automating Privilege Escalations, Forced Browsing, XXE fingerprinting, and more!

Zachary Stashis



Contents:


(1) Installation

Extender > BApp Store > Auto Repeater > Select "Install"


(2) Usage

Navigate to the "AutoRepeater" Tab


Add "Base Replacements"


(3) Example 1: Privilege Escalation (replaces all false to true)


(4) Example 2: XXE (changes json to xml to see if the website accepts the content type change for potential XXE insertion points)


(5) Example 3: Access Control (testing by replacing UUID's)


(6) Example 4: Match and Replace Cookie's (for different accounts to check for privilege escalation, forced browsing and more..)


(7) Enabling the tool:


(off)


(on)


Now just crawl the site as you normally would, and this tool will do all the rules you set as separate requests and give you the results:


188 views0 comments

Recent Posts

See All
bottom of page