Categories: Kali Linux

PwnBack – Burp Extender Plugin That Generates A Sitemap Of A Website Using Wayback Machine

PwnBack requires PhantomJS to run. To understand why it is required currently see the section PhantomsJS.

The plugin has several settings that a user can define depending on their hardware setup.

  • PhantomJS WebDrivers
    • The number of Firefox headless browsers to open. Be mindful of Burp Suite’s memory settings
  • HTTP Response Parsers
    • These are responsible for parsing requests generated by the WebDriver. You may gain very little by increasing this number.
  • Start Year
    • How far back in a Website’s history you’d like to traverse.
  • End Year
    • When to stop looking at a Website’s History
  • PhantomJS Location
    • The location of the PhantomJS binary
  • Output Folder
    • Where to save results when the Export Results button is pressed
  • Domain
    • The domain name to crawl. example.com, example.org, etc.
  • CA Bundle
    • The CA certificate you wish to use for PhantomJS. You shouldn’t need this, however, check Troubleshooting if no traffic is being generated.

Also ReadSQLMap v1.2.9 – Automatic SQL Injection & Database Takeover Tool

PwnBack Installation

In BurpSuite open the Extender Tab

Click the Add button

Locate the jar file included in this repo.

The current version of is v1.7.21, I am unable to guarantee backward support.

Build

Run the following commands

git clone https://github.com/k4ch0w/PwnBack.git
cd PwnBack
./gradlew fatJar

Troubleshooting

There is an issue with the JVM’s Cert storage on certain computers and the SSL certificate provided by archive.org If you see no traffic being generate run the following command and provide the path to the CA-Bundle

curl --remote-name --time-cond cacert.pem https://curl.haxx.se/ca/cacert.pem

Credit: Paul Ganea

R K

Recent Posts

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

15 hours ago

MODeflattener – Miasm’s OLLVM Deflattener

MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…

15 hours ago

My Awesome List : Tools And Their Functions

"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…

15 hours ago

Chrome Browser Exploitation, Part 3 : Analyzing And Exploiting CVE-2018-17463

CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…

15 hours ago

Chrome Browser Exploitation, Part 1 : Introduction To V8 And JavaScript Internals

The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…

16 hours ago

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

18 hours ago