ZIP File Raider – Burp Extension for ZIP File Payload Testing
ZIP File Raider is a Burp Suite extension for attacking web application with ZIP file upload functionality. You can easily inject Burp Scanner/Repeater payloads in ZIP content of the HTTP requests which is not feasible by default. This extension helps to automate the extraction and compression steps.
ZIP File Raider Installation
- Set up Jython standalone Jar in Extender > Options > Python Environment > “Select file…”.
- Add ZIP File Raider extension in Extender > Extensions > Add > CompressedPayloads.py (Extension type: Python)
Also ReadDeepSearch – Advanced Web Dir Scanner For Bruteforce
How to use?
Send the HTTP request with a compressed file to the ZIP File Raider
First, right click on the HTTP request with a compressed file in HTTP body and then select “Send request to ZIP File Raider extender Repeater” or Scanner.
![](data:image/svg+xml;charset=utf-8,<svg height="998px" width="1340px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
Repeater
This Repeater tab makes it possible to edit the content of the compressed file and then repeats it to the server promptly.
![](data:image/svg+xml;charset=utf-8,<svg height="1414px" width="2560px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
Descriptions for ZIP File Raider – Repeater tab:
- Files and folders pane – list of files and folders in the compressed file which is sent from the previous step (Send request to …), select a file to edit its content.
- Edit pane – edit the content of selected file in text or hex mode (press “Save” after editing one file if you want to edit multiple files in a ZIP file).
- Request/Response pane – The HTTP request/response will be shown in this pane after clicking on the “Compress & Go” button.
Scanner
This Scanner tab is used for setting the §insertion point§ in the content of the ZIP file before sending it to Burp Scanner.
Descriptions for ZIP File Raider – Scanner tab:
- Files and folders pane – list of files and folders in the compressed file which is sent from the previous step (Send request to …), select a file that you want to set the §insertion points§.
- Set insertion point pane – set insertion point in the content of the selected file by clicking on the “Set insertion point” button. (The insertion point will be enclosed with a pair of § symbol)
- Config/Status pane – config the scanner and show the scanner status (Not Running/Running).
![](data:image/svg+xml;charset=utf-8,<svg height="40px" width="141px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.
Recent Posts
JBDev : A Tool For Jailbreak And TrollStore Development
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs : A Hands-On Security Testing Playground
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…
Cybersecurity – Tools And Their Function
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…