Projects STRLCPY param-miner Commits 11e8d71c
🤬
  • Update readme for Entanglement, bump version

  • Loading...
  • James committed 4 years ago
    11e8d71c
    1 parent f4ccaac0
  • ■ ■ ■ ■ ■ ■
    BappManifest.bmf
    skipped 1 lines
    2 2  ExtensionType: 1
    3 3  Name: Param Miner
    4 4  RepoName: param-miner
    5  -ScreenVersion: 1.07
    6  -SerialVersion: 4
     5 +ScreenVersion: 1.20
     6 +SerialVersion: 5
    7 7  MinPlatformVersion: 0
    8 8  ProOnly: False
    9 9  Author: James 'albinowax' Kettle, PortSwigger Web Security
    skipped 4 lines
  • ■ ■ ■ ■ ■ ■
    README.md
    skipped 10 lines
    11 11  You can also launch guessing attacks on multiple selected requests at the same time - this will use a thread pool so you can safely use it on thousands of requests if you want.
    12 12  Alternatively, you can enable auto-mining of all in scope traffic. Please note that this tool is designed to be highly scalable but may require tuning to avoid performance issues.
    13 13   
    14  -For further information, please refer to the whitepaper at https://portswigger.net/blog/practical-web-cache-poisoning
     14 +For further information, please refer to the whitepapers:
     15 + 
     16 +2020: https://portswigger.net/research/web-cache-entanglement
     17 + 
     18 +2018: https://portswigger.net/research/practical-web-cache-poisoning
    15 19   
    16 20  The code can be found at https://github.com/portswigger/param-miner
    17 21   
    skipped 1 lines
    19 23   
    20 24  Contributions and feature requests are welcome.
    21 25   
     26 +**Web Cache Entanglement update**
     27 + 
     28 +Here's a video of the new features being used to find a fat GET cache poisoning vulnerability in a demo site using Rack::Cache
     29 + 
     30 +[![Param Miner demo video](https://img.youtube.com/vi/TQ42N8fqxw4/0.jpg)](https://www.youtube.com/watch?v=TQ42N8fqxw4)
     31 + 
     32 +Another video targeting a real site is coming soon - I'm just waiting on the target to patch.
     33 + 
    22 34  # Changelog
     35 +**1.20 2020-08-05**
     36 + - Major update for Web Cache Entanglement
     37 + 
    23 38  **1.07 2018-12-06**
    24 39   - Fix config window size for small screens (thanks @misoxxx)
    25 40  
    skipped 15 lines
  • ■ ■ ■ ■
    src/burp/BurpExtender.java
    skipped 22 lines
    23 23   
    24 24  public class BurpExtender implements IBurpExtender, IExtensionStateListener {
    25 25   private static final String name = "Param Miner";
    26  - private static final String version = "1.08";
     26 + private static final String version = "1.20";
    27 27   private ThreadPoolExecutor taskEngine;
    28 28   public static List<Scan> scans = new ArrayList<>();
    29 29   
    skipped 461 lines
Please wait...
Page is in error, reload to recover