GatherContacts is a Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results.
As part of reconnaissance when performing a penetration test, it is often useful to gather employee names that can then be massaged into email addresses and usernames. The usernames may come in handy for performing a password spraying attack for example. One easy way to gather employee names is to use the following Burp Suite Pro extension as described below.
To collect employee names with Burp, you’ll need to do the following steps.
Also ReadSQLMap v1.2.9 – Automatic SQL Injection & Database Takeover Tool
This extension uses the jsoup Java library. You will need to download jsoup and tell Burp where to find it as shown below.
Add the “Gather Contacts” extension from the Extender–>Extensions tab as shown below:
Click Add–>SelectFile … and browse to the “GatherContacts.jar” file that you download from this repository.
Configure the Extension to save output to a file. This is where your usernames will be written. You can optionally select the “Show in UI” option, but the output window truncates items when the list gets too long.
Configure your browser to use Burp as a proxy as you normally would. From the browser, do a Google or Bing search of the following form (don’t forget the “/in” on the end of “linkedin.com”:
site:linkedin.com/in “Company Name”
Each of the employee names in the search results will be written to the output file you specified, as a tab delimited list. You can click on additional pages of results to get more employee names written to the file.
You can gather a large list of employee names quickly and easily with this method. Try importing the list into Microsoft Excel where you can use formulas to turn employee names into the appropriate username format such as first initial followed by last name.
When you are done, unload the Extension so you don’t burden Burp with inspecting all responses.
Note: If you aren’t getting a name written to the output file as you expect, it could be that the name was already ouput by the extension since it was loaded. To reset everything, unload (uncheck) the extension and then reload it.
For those of you not familiar with Excel formula’s, here are some formulas for creating usernames and email addresses from the output above. (Assume column B contains the first name and column C contains the last name)
Randomize the order of your username list before spraying to avoid being detected in some cases. You can add a column of random numbers to your spreadsheet using the =RAND() formula, then sort by this column.
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…
SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…
PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…
HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…