PwnBack requires PhantomJS to run. To understand why it is required currently see the section PhantomsJS.
The plugin has several settings that a user can define depending on their hardware setup.
- PhantomJS WebDrivers
- The number of Firefox headless browsers to open. Be mindful of Burp Suite’s memory settings
- HTTP Response Parsers
- These are responsible for parsing requests generated by the WebDriver. You may gain very little by increasing this number.
- Start Year
- How far back in a Website’s history you’d like to traverse.
- End Year
- When to stop looking at a Website’s History
- PhantomJS Location
- The location of the PhantomJS binary
- Output Folder
- Where to save results when the Export Results button is pressed
- The domain name to crawl. example.com, example.org, etc.
- CA Bundle
- The CA certificate you wish to use for PhantomJS. You shouldn’t need this, however, check Troubleshooting if no traffic is being generated.
Also ReadSQLMap v1.2.9 – Automatic SQL Injection & Database Takeover Tool
In BurpSuite open the Extender Tab
Click the Add button
Locate the jar file included in this repo.
The current version of is v1.7.21, I am unable to guarantee backward support.
Run the following commands
git clone https://github.com/k4ch0w/PwnBack.git cd PwnBack ./gradlew fatJar
There is an issue with the JVM’s Cert storage on certain computers and the SSL certificate provided by archive.org If you see no traffic being generate run the following command and provide the path to the CA-Bundle
curl --remote-name --time-cond cacert.pem https://curl.haxx.se/ca/cacert.pem