Mass Assigner is a strong device designed to determine and exploit mass project vulnerabilities in internet functions. It achieves this by first retrieving information from a specified request, reminiscent of fetching consumer profile information. Then, it systematically makes an attempt to use every parameter extracted from the response to a second request supplied, one parameter at a time. This method permits for the automated testing and exploitation of potential mass project vulnerabilities.
Disclaimer
This device actively modifies server-side information. Please guarantee you’ve got correct authorization earlier than use. Any unauthorized or criminal activity utilizing this device is totally at your personal danger.
Options
- Permits the addition of customized headers inside requests
- Presents customization of varied HTTP strategies for each origin and goal requests
- Helps rate-limiting to handle request thresholds successfully
- Supplies the choice to specify “ignored parameters” which the device will ignore throughout execution
- Improved the help in nested arrays/objects inside JSON information in responses
What’s Subsequent
- Help extra content material varieties, reminiscent of “software/x-www-form-urlencoded”
Set up & Utilization
Set up necessities
pip3 set up -r necessities.txt
Run the script
python3 mass_assigner.py --fetch-from "http://instance.com/path-to-fetch-data" --target-req "http://instance.com/path-to-probe-the-data"
Arguments
Forbidden Buster accepts the next arguments:
-h, --help present this assist message and exit
--fetch-from FETCH_FROM
URL to fetch information from
--target-req TARGET_REQ
URL to ship modified information to
-H HEADER, --header HEADER
Add a customized header. Format: 'Key: Worth'
-p PROXY, --proxy PROXY
Use Proxy, Utilization i.e: http://127.0.0.1:8080.
-d DATA, --data DATA Add information to the request physique. JSON is supported with escaping.
--rate-limit RATE_LIMIT
Variety of requests per second
--source-method SOURCE_METHOD
HTTP technique for the preliminary request. Default is GET.
--target-method TARGET_METHOD
HTTP technique for the modified request. Default is PUT.
--ignore-params IGNORE_PARAMS
Parameters to disregard throughout modification, separated by comma.
Instance Utilization:
python3 mass_assigner.py --fetch-from "http://instance.com/api/v1/me" --target-req "http://instance.com/api/v1/me" --header "Authorization: Bearer XXX" --proxy "http://proxy.instance.com" --data '{"param1": "check", "param2":true}'