GatherContacts is a Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results.
As part of reconnaissance when performing a penetration test, it is often useful to gather employee names that can then be massaged into email addresses and usernames. The usernames may come in handy for performing a password spraying attack for example. One easy way to gather employee names is to use the following Burp Suite Pro extension as described below.
To collect employee names with Burp, you’ll need to do the following steps.
Also ReadSQLMap v1.2.9 – Automatic SQL Injection & Database Takeover Tool
This extension uses the jsoup Java library. You will need to download jsoup and tell Burp where to find it as shown below.
Add the “Gather Contacts” extension from the Extender–>Extensions tab as shown below:
Click Add–>SelectFile … and browse to the “GatherContacts.jar” file that you download from this repository.
Configure the Extension to save output to a file. This is where your usernames will be written. You can optionally select the “Show in UI” option, but the output window truncates items when the list gets too long.
Configure your browser to use Burp as a proxy as you normally would. From the browser, do a Google or Bing search of the following form (don’t forget the “/in” on the end of “linkedin.com”:
site:linkedin.com/in “Company Name”
Each of the employee names in the search results will be written to the output file you specified, as a tab delimited list. You can click on additional pages of results to get more employee names written to the file.
You can gather a large list of employee names quickly and easily with this method. Try importing the list into Microsoft Excel where you can use formulas to turn employee names into the appropriate username format such as first initial followed by last name.
When you are done, unload the Extension so you don’t burden Burp with inspecting all responses.
Note: If you aren’t getting a name written to the output file as you expect, it could be that the name was already ouput by the extension since it was loaded. To reset everything, unload (uncheck) the extension and then reload it.
For those of you not familiar with Excel formula’s, here are some formulas for creating usernames and email addresses from the output above. (Assume column B contains the first name and column C contains the last name)
Randomize the order of your username list before spraying to avoid being detected in some cases. You can add a column of random numbers to your spreadsheet using the =RAND() formula, then sort by this column.
Learning Without Walls Remote education has long been a lifeline for students in rural areas…
Have you ever come across a picture on the internet and wondered where it came…
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…