ZIP File Raider – Burp Extension For ZIP File Payload Testing


ZIP File Raider is a Burp Suite extension for attacking web applications that have ZIP file upload functionality. You can easily inject Burp Scanner/Repeater payloads into the ZIP content of HTTP requests, which is not possible by default. This extension helps automate the extraction and compression steps.

This software was created by Natsasit Jirathammanuwat during a cooperative education course at King Mongkut's University of Technology Thonburi (KMUTT).

Installation

  1. Install the Jython standalone JAR in Extender > Options > Python Environment > "Select file…".
  2. Add the ZIP File Raider extension in Extender > Extensions > Add > CompressedPayloads.py (Extension type: Python).

How to use

Send the HTTP request with a compressed file to ZIP File Raider
First, right-click on the HTTP request that carries a compressed file in the HTTP body, then select "Send request to ZIP File Raider extender Repeater" or Scanner.

Repeater
This Repeater tab makes it possible to edit the content of the compressed file and then resend it to the server immediately.

Descriptions for ZIP File Raider – Repeater tab:

  1. Files and folders pane – list of files and folders inside the compressed file sent from the previous step (Send request to …); select a file to edit its content.
  2. Edit pane – edit the content of the selected file in text or hex mode (press "Save" after editing each file if you want to edit multiple files in one ZIP file).
  3. Request/Response pane – the HTTP request/response will be shown in this pane after clicking the "Compress & Go" button.

Scanner
This Scanner tab is used for setting the §insertion point§ in the content of the ZIP file before sending it to Burp Scanner.

Descriptions for ZIP File Raider – Scanner tab:

  1. Files and folders pane – list of files and folders inside the compressed file sent from the previous step (Send request to …); select the file in which you want to set the §insertion points§.
  2. Set insertion point pane – set the insertion point in the content of the selected file by clicking the "Set insertion point" button. (The insertion point will be enclosed in a pair of § symbols.)
  3. Config/Status pane – configure the scanner and show the scanner status (Not Running/Running).
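The extraction and recompression that both tabs rely on, as an added example that is not part of the extension's own code: a constructed two-entry archive stands in for the ZIP body of a captured upload, one member is replaced the way the Repeater tab's edit pane does it, and a byte range of another member is wrapped in a pair of § markers the way the Scanner tab marks an insertion point. The function names, the sample entries and the byte offsets are assumptions made for this illustration.

```python
import io
import zipfile

# Constructed sample archive standing in for the ZIP body of a captured upload request.
SAMPLE_ENTRIES = {
    "manifest.xml": b"<manifest><name>report</name></manifest>",
    "data/report.csv": b"id,name\n1,alice\n",
}


def build_zip(entries):
    """Compression step: write a dict of {member path: bytes} into an in-memory ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def list_entries(zip_bytes):
    """What the 'Files and folders pane' shows: member names inside the archive."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.namelist()


def extract_entries(zip_bytes):
    """Extraction step: read every member back into memory as {member path: bytes}."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


def replace_entry(zip_bytes, target, new_content):
    """Repeater tab: swap one member's content, keep all other members, recompress."""
    entries = extract_entries(zip_bytes)
    if target not in entries:
        raise KeyError("no such member in archive: %s" % target)
    entries[target] = new_content
    return build_zip(entries)


def mark_insertion_point(zip_bytes, target, start, end):
    """Scanner tab: enclose bytes [start:end) of the chosen member in a pair of §."""
    entries = extract_entries(zip_bytes)
    data = entries[target]
    if not 0 <= start <= end <= len(data):
        raise ValueError("insertion point lies outside the member content")
    marker = "\u00a7".encode("utf-8")  # the § symbol Burp uses for insertion points
    entries[target] = data[:start] + marker + data[start:end] + marker + data[end:]
    return build_zip(entries)
```

Because every member is rewritten on each round trip, the archive a target receives is always structurally valid; only the marked or edited content differs from the original upload.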

Author
Natsasit Jirathammanuwat
