  • Stars: 186
  • Rank 202,949 (Top 5 %)
  • Language: Java
  • Created almost 3 years ago
  • Updated 4 months ago

Repository Details

Burpsuite plugin for Interact.sh

Interactsh Collaborator

This is a Burpsuite plugin for Interact.sh

This plugin implements the client-side logic from interactsh-client. It allows you to generate new domains that can be used for OOB testing. If you host your own version of Interactsh, you can configure it in the Configuration tab.

This extension works in addition to Burpsuite's Collaborator service.

All results are logged in the Interactsh Logs tab once the extension is loaded. Verbose details will be displayed in the bottom window once an OOB interaction is logged and selected.

Build

  1. mvn package
  2. Add the target/collaborator-1.x.x-dev-jar-with-dependencies.jar file as a new Java extension in Burpsuite

Alternatively, you can download the precompiled library from the latest release.

Usage

After the extension is installed you should be able to see the Interactsh tab. Navigate to the tab and click the button labeled Generate Interactsh Url.

This button will copy the generated domain name to your clipboard. The domain name will also be logged to the extension output.

You can then use this domain name in any OOB testing. To generate a sample event you can visit that domain in a new browser tab.

After a few seconds, the table should populate with details about what type of OOB interaction occurred.

Try adjusting the poll time to a shorter value when you expect active results.

More Repositories

  1. VhostFinder (Go, 109 stars): Identify virtual hosts by similarity comparison
  2. CVESearch (Go, 50 stars): Query various sources for CVE proof-of-concepts
  3. spring-gateway-demo (Java, 48 stars): Sample Spring application to demonstrate the Gateway Actuator
  4. werkzeug-debug-console-bypass (Python, 45 stars): Werkzeug has a debug console that requires a pin. It's possible to bypass this with an LFI vulnerability or use it as a local privilege escalation vector.
  5. Hounds (JavaScript, 14 stars): Chromium based web crawler that identifies in-scope urls
  6. LogicalFuzzingEngine (Python, 11 stars): A Burpsuite extension written in Python to perform basic validation fuzzing
  7. canary (Go, 10 stars): CLI tool written in Go to generate Canary Tokens from https://canarytokens.org
  8. Chegg (HTML, 5 stars): A simple exploit on Chegg that was found and submitted on April 29, 2015
  9. Traveling-Salesperson-Problem (Java, 2 stars): Princeton Traveling Salesperson Problem solved with an O(N^2) algorithm
  10. msf-rpc-client (Go, 2 stars): Golang based RPC client to communicate with Metasploit. Based off Black Hat Go's example.
  11. aws-native-rce (2 stars): Collection of payloads to work with AWS services
  12. raw_http_utils (Go, 2 stars): Retrieve the raw HTTP request and response in Golang from net/http
  13. Catching-Plagiarists (Java, 2 stars)
  14. Sourcerer (Ruby, 2 stars): Ruby based utility to apply rules to url datasources and insert filtered results into a Sidekiq compatible Redis queue
  15. SlurpLogin (Python, 1 star): Generate Selenium IDE Test Cases via a Burpsuite Plugin
  16. HttpComparison (Go, 1 star): Compare raw HTTP responses to identify significant differences