Categories: Kali Linux

PwnBack – Burp Extender Plugin That Generates A Sitemap Of A Website Using Wayback Machine

PwnBack requires PhantomJS to run. To understand why it is required currently see the section PhantomsJS.

The plugin has several settings that a user can define depending on their hardware setup.

  • PhantomJS WebDrivers
    • The number of Firefox headless browsers to open. Be mindful of Burp Suite’s memory settings
  • HTTP Response Parsers
    • These are responsible for parsing requests generated by the WebDriver. You may gain very little by increasing this number.
  • Start Year
    • How far back in a Website’s history you’d like to traverse.
  • End Year
    • When to stop looking at a Website’s History
  • PhantomJS Location
    • The location of the PhantomJS binary
  • Output Folder
    • Where to save results when the Export Results button is pressed
  • Domain
    • The domain name to crawl. example.com, example.org, etc.
  • CA Bundle
    • The CA certificate you wish to use for PhantomJS. You shouldn’t need this, however, check Troubleshooting if no traffic is being generated.

Also ReadSQLMap v1.2.9 – Automatic SQL Injection & Database Takeover Tool

PwnBack Installation

In BurpSuite open the Extender Tab

Click the Add button

Locate the jar file included in this repo.

The current version of is v1.7.21, I am unable to guarantee backward support.

Build

Run the following commands

git clone https://github.com/k4ch0w/PwnBack.git
cd PwnBack
./gradlew fatJar

Troubleshooting

There is an issue with the JVM’s Cert storage on certain computers and the SSL certificate provided by archive.org If you see no traffic being generate run the following command and provide the path to the CA-Bundle

curl --remote-name --time-cond cacert.pem https://curl.haxx.se/ca/cacert.pem

Credit: Paul Ganea

R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago