Skip to content

lulukelu/hackbar

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

104 Commits
css
css
 
 
fonts
fonts
 
 
images
images
 
 
payloads
payloads
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
devtools.html
devtools.html
 
 
index.html
index.html
 
 
manifest.json
manifest.json
 
 

Repository files navigation

HackBar

HackBar for Chrome.

Available on Chrome Web Store.

Requested Permissions

  • tabs
  • webRequest
  • webRequestBlocking

Features

  • Supported methods

  • Auto Test

    • Common paths (Wordlist from dirsearch included)

  • SQLi

    • Dump all database names (MySQL, PostgreSQL)
    • Dump tables from database (MySQL, PostgreSQL, SQLite)
    • Dump columns from database (MySQL, PostgreSQL, SQLite)
    • Union select statement (MySQL, PostgreSQL, SQLite)
    • Error-based injection statement (MySQL, PostgreSQL)
    • Dump in one shot payload (MySQL)
    • Dump current query payload (MySQL)
    • Space to Inline comment

  • XSS

    • Html encode/decode
    • String.fromCharCode encode/decode

  • LFI

    • PHP wrapper - Base64

  • SSTI

  • Encoding

    • URL encode/decode
    • Base64 encode/decode
    • Hexadecimal encode/decode
    • Unicode encode/decode

  • Hashing

    • MD5
    • SHA1
    • SHA256
    • SHA512

Usage

How to open it?

  1. Open Developer tools (Press F12 or Ctrl + Shift + I)
  2. Switch to HackBar tab
  3. Enjoy it

Shortcuts

Description Default Mac
Load Alt + A Control + A
Split Alt + S Control + S
Execute Alt + X Control + X

Supported enctype

multipart/form-data

After changing enctype field to multipart/form-data, you can put your payload into Body field such as the following:

------WebKitFormBoundarydbJBATDXCC6CL0lZ Content-Disposition: form-data; name="user" user ------WebKitFormBoundarydbJBATDXCC6CL0lZ Content-Disposition: form-data; name="file"; filename="shell.php" Content-Type: application/x-httpd-php <?php passthru($_GET['c']); ?> ------WebKitFormBoundarydbJBATDXCC6CL0lZ--

We will consider the first line as boundary, and reconstruct a form element to send your request.

Therefore, sent boundary will not be the same as your typed.

application/json

After changing enctype field to application/json, you can put your payload into Body field such as the following:

{ "username": "admin", "password": "admin" }

In order to post JSON data, we will insert a dummy field or object to your JSON such as the following:

{"username":"admin","password":"admin","4dxnzjzd5mi":"="}

For more details, please visit "Posting JSON with an HTML Form".

Third-party Libraries

Contributor

About

A Chrome Extension for Penetration Testing

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • JavaScript 55.9%
  • HTML 37.2%
  • CSS 6.9%