Skip to content

Latest commit

 

History

History
75 lines (40 loc) · 3.59 KB

README.md

File metadata and controls

75 lines (40 loc) · 3.59 KB

OpenBullet Cookie Edition


OpenBullet Cookie Edition is a webtesting suite that allows to perform requests towards a target webapp and offers a lot of tools to work with the results. This software can be used for scraping and parsing data, automated pentesting, unit testing through selenium and much more.

IMPORTANT! Performing (D)DoS attacks or credential stuffing on sites you do not own (or you do not have permission to test) is illegal! The developer will not be held responsible for improper use of this software.

Runner

How to build

  1. Make sure you have installed the .NET framework (dev) 4.7.2.
  2. Clone this repository and open the solution file with Visual Studio.
  3. Switch to Release mode for a much cleaner output.
  4. Build the solution (Visual Studio will fetch all the missing nuget packages).
  5. You can find the executables inside the folders OpenBullet/bin/Release and OpenBulletCLI/bin/Release.

OpenBullet Cookie Edition Building Configs Guide


# What can this bullet do?

It is needed to work with your cookies.

In the Cookies section you can add a folder with logs, the bullet will automatically find all the cookies inside all the logs.

When creating a config, you must select the config type: CE (Cookie Edition)

image

CookieEdition - the config will work with Cookies files Default - a normal standard config that works with Combolists and Wordlists

After you have created a config with the CookieEdition type, you definitely need to add a block that works with cookies. It's called Cookie Container.

image

What is Cookie Container?

image

Variable Name is the name of the variable in which the cookie will be placed and in the future you will be able to interact with it.

Input string - the string in which you place the path to the cookie file. To do this, we need to add the variable there is a variable that stores a link to the path to the cookie file.

image

Domain is a required field to fill out if you want everything to work correctly. This is the domain by which cookies will be searched in the cookie file.

Save netscape? - if this option is active, then the variable (which you do not see and do not set) is filled with an unprocessed cookie in the Netscape format, which goes there directly from the log. This option is needed if you want to save valid cookies.

Let's move on. #How to debug this config?

It is necessary to specify the CE format instead of Default and then specify the path to the file with cookies.

030924

WE CREATE A GET REQUEST!

But first, I advise you to validate the cookie, if you don’t do this, then screw it!!!

For your service it may be something else, but for most cookies the most important thing in a cookie is sessionid - if it is not there, then you can safely throw the cookie into trouble, since without sessionid (or any other needed cookie value ) the rest of that domains's cookies have no meaning.

Create a get request: