BrowserBruter: A powerful web form fuzzing automation tool
The Browser-Bruter
The Browser-Bruter is the first ever browser-based automated web pentesting tool for fuzzing web forms by controlling the browser it self. It automates the process of sending payloads to input fields of the browser and sends them to server. It completely bypasses the need of breaking the encryption to fuzz and insert payloads in BurpSuite scanner and intruder. After fuzzing it generates a comprehensive report including all the data and results of the pentest along with HTTP traffic, this report can be viewed by The Report-Explorer tool which comes with The Browser-Bruter.
What does it do?
The biggest advantage of using browser bruter for fuzzing the web application is that all of the fuzzing will take place at the browser level, so all of the attacks will be as they have been manually done by the user by typing payloads in the input fields of the web application on browser.
This approach –
-
Allows Pentester to fuzz the web application forms when the HTTP body (or part of the body) is encrypted making HTTP proxy tools like ZAP and BurpSuite or SQLMap unable to insert payloads in such traffic. Learn more here.
-
Creates a way to bypass captchas by allowing the pentester to manually perform the required human interactions and then proceed to payload insertions.
-
Can fuzz front-end when there is no HTTP traffic, for example when Input is utilized on the client side, i.e. when you want to brute force OTP input which is validated on the client side, so there is no HTTP Traffic.
-
Removes the burden of session management, auth handling, and other micro management like CSRF handling while using HTTP proxy tools.
Features
- Bypass Encryption
- Multiple Attack Modes 1. Sniper 2. Battering Ram 3. PitchFork 4. Cluster Bomb
- Guaranteed Report Generation even in crash
- Advance In-Built Report Exploration Tool – The Report Explorer
- BurpSuite Support
- Customize the Final Report
- Customize the Attack Scope
- Completely or Partially Automate Browsers as per need using Interactive mode
- Extremely Stealthy
- Session Handling
- Bypass Captchas
- Bypass Input Validation
- Log Tracking
- Error Handling
- Can be As fast as you want!
- Take Full Control of the Browser
- Take Full Control of fuzzing
- Get insights of the attack
- Pause – Resume the attack in middle
- Extendable Beyond the Core Capabilities
- Continue The Previously Crashed Attack
- Can Fuzz various types of input elements
- Modify web pages on fly
Install & Use
Copyright (C) 2024 netsquare
