Burp Co2


This is for those of you who do web pen testing with PortSwigger’s Burp proxy tool! A collection of enhancements for PortSwigger’s popular Burp Suite web penetration testing tool. Co2 includes several useful enhancements bundled into a single Java-based Burp Extension. The extension has its own configuration tab with multiple sub-tabs (for each Co2 module). Modules that interact with other Burp tools can be disabled from within the Co2 configuration tab, so there is no need to disable the entire extension when using just part of the functionality.


Included in this version are a few useful modules. The first is called SQLMapper, a sqlmap helper. Simply right-click on any request in Burp and you will see a new menu option to send the request to SQLMapper. The following screen will appear pre-populated with the URL, POST data (if applicable) and Cookies (if applicable) from the request. You can then set any other options you need and then copy/paste the SQLMap Command to sqlmap on your command line.



A second module is called the User Generator (or User Lister, depending on who you ask). For this one, the team collected publicly available census data (for surnames) and popular baby names from the social security website to make a username generator based on this statistical data. The interface (see below) allows you to tinker with the data sets a little bit, specify if you want full names, initials, a delimiter between first and last names, etc…


The tool will approximate which name combinations are the most common and sort the list accordingly. The result set is currently limited to the top 200,000 names to avoid performance issues.



The Prettier JS module adds a tab to the main response window which will attempt to make the format more human-readable through the use of line feeds and indentation. This is still a work in progress, but based on a request to Google’s hosted compressed jquery library (jquery.min.js) it is definitely an improvement.



Other Co2 Modules include:

OAuther - based on burp-oauth, this version of the tool has a configuration screen rather than requiring recompilation when keys/tokens/secrets are changed.

ASCII Payload Processor - shows up as an Intruder payload. It will convert payloads into ASCII decimal (don’t laugh, I wrote this after encountering the need for it twice in the wild!).



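One way to do the ranking that the User Generator description implies, shown as an added example that is not part of the original post and not Co2's own code: each first-name/surname pair is scored by the product of the two frequencies (this assumes the two are independent, which is why the ordering is only approximate), and pairs are visited best-first so that only the top `limit` results are ever built. The function name, its parameters and the frequency tables are constructed for illustration.

```python
import heapq

# Constructed sample counts, NOT real census or SSA figures.
FIRST = {"james": 50, "mary": 40, "john": 25, "linda": 10}
LAST = {"smith": 60, "johnson": 45, "williams": 20}


def top_usernames(first, last, limit, initial_only=False, delimiter=""):
    """Return up to `limit` (username, probability) pairs, most likely first."""
    if initial_only:
        # Collapse first names to initials; counts of names sharing an initial add up.
        merged = {}
        for name, count in first.items():
            merged[name[0]] = merged.get(name[0], 0) + count
        first = merged
    # Sort each list by descending count (name as a stable tie-breaker).
    f = sorted(first.items(), key=lambda kv: (-kv[1], kv[0]))
    l = sorted(last.items(), key=lambda kv: (-kv[1], kv[0]))
    if not f or not l or limit <= 0:
        return []
    norm = sum(first.values()) * sum(last.values())

    # Best-first walk over the (i, j) grid. Because both lists are sorted,
    # the next-best pair is always a right or down neighbour of a pair
    # already emitted, so the heap never holds the full cross product.
    heap = [(-f[0][1] * l[0][1], 0, 0)]
    seen = {(0, 0)}
    out = []
    while heap and len(out) < limit:
        neg_score, i, j = heapq.heappop(heap)
        out.append((f[i][0] + delimiter + l[j][0], -neg_score / norm))
        for ni, nj in ((i + 1, j), (i, j + 1)):
            if ni < len(f) and nj < len(l) and (ni, nj) not in seen:
                seen.add((ni, nj))
                heapq.heappush(heap, (-f[ni][1] * l[nj][1], ni, nj))
    return out


if __name__ == "__main__":
    for name, p in top_usernames(FIRST, LAST, limit=5, delimiter="."):
        print(f"{name:16s} {p:.4f}")
```

With real name tables the cross product runs into the millions, which is where a cap such as the 200,000 mentioned in the post keeps memory and sort time bounded.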
