Categories: Kali Linux

PwnBack – Burp Extender Plugin That Generates A Sitemap Of A Website Using Wayback Machine

PwnBack requires PhantomJS to run. To understand why it is required currently see the section PhantomsJS.

The plugin has several settings that a user can define depending on their hardware setup.

  • PhantomJS WebDrivers
    • The number of Firefox headless browsers to open. Be mindful of Burp Suite’s memory settings
  • HTTP Response Parsers
    • These are responsible for parsing requests generated by the WebDriver. You may gain very little by increasing this number.
  • Start Year
    • How far back in a Website’s history you’d like to traverse.
  • End Year
    • When to stop looking at a Website’s History
  • PhantomJS Location
    • The location of the PhantomJS binary
  • Output Folder
    • Where to save results when the Export Results button is pressed
  • Domain
    • The domain name to crawl. example.com, example.org, etc.
  • CA Bundle
    • The CA certificate you wish to use for PhantomJS. You shouldn’t need this, however, check Troubleshooting if no traffic is being generated.

Also ReadSQLMap v1.2.9 – Automatic SQL Injection & Database Takeover Tool

PwnBack Installation

In BurpSuite open the Extender Tab

Click the Add button

Locate the jar file included in this repo.

The current version of is v1.7.21, I am unable to guarantee backward support.

Build

Run the following commands

git clone https://github.com/k4ch0w/PwnBack.git
cd PwnBack
./gradlew fatJar

Troubleshooting

There is an issue with the JVM’s Cert storage on certain computers and the SSL certificate provided by archive.org If you see no traffic being generate run the following command and provide the path to the CA-Bundle

curl --remote-name --time-cond cacert.pem https://curl.haxx.se/ca/cacert.pem

Credit: Paul Ganea

R K

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

1 week ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

1 week ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

2 weeks ago