├── Ghazi-1.1.jar
├── Ghazi
├── Compiled_Jar
│ └── Ghazi-1.1.jar
├── META-INF
│ ├── MANIFEST.MF
│ └── maven
│ │ └── com.ghazi
│ │ └── Ghazi
│ │ ├── pom.properties
│ │ └── pom.xml
└── src
│ └── main
│ └── java
│ ├── burp
│ └── BurpExtender.java
│ └── tabs
│ ├── LFITabFactory.java
│ ├── RCETabFactory.java
│ ├── SQLTabFactory.java
│ ├── SSRFTabFactory.java
│ ├── SSTITabFactory.java
│ └── XSSTabFactory.java
└── README.md
/Ghazi-1.1.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/p3n73st3r/Ghazi/9d4c4d267d70bd803e8bc470dbb225dd3a730aaa/Ghazi-1.1.jar
--------------------------------------------------------------------------------
/Ghazi/Compiled_Jar/Ghazi-1.1.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/p3n73st3r/Ghazi/9d4c4d267d70bd803e8bc470dbb225dd3a730aaa/Ghazi/Compiled_Jar/Ghazi-1.1.jar
--------------------------------------------------------------------------------
/Ghazi/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Archiver-Version: Plexus Archiver
3 | Created-By: Apache Maven
4 | Built-By: The Alien
5 | Build-Jdk: 1.8.0_171
6 |
7 |
--------------------------------------------------------------------------------
/Ghazi/META-INF/maven/com.ghazi/Ghazi/pom.properties:
--------------------------------------------------------------------------------
1 | #Generated by Maven
2 | #Mon Feb 11 23:46:07 PKT 2019
3 | version=1.1
4 | groupId=com.ghazi
5 | artifactId=Ghazi
6 |
--------------------------------------------------------------------------------
/Ghazi/META-INF/maven/com.ghazi/Ghazi/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | 4.0.0
4 | com.ghazi
5 | Ghazi
6 | 1.1
7 | jar
8 |
9 | UTF-8
10 | 1.7
11 | 1.7
12 |
13 | Ghazi
14 |
--------------------------------------------------------------------------------
/Ghazi/src/main/java/burp/BurpExtender.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | import java.io.PrintWriter;
4 |
5 | import tabs.SQLTabFactory;
6 | import tabs.XSSTabFactory;
7 | import tabs.RCETabFactory;
8 | import tabs.LFITabFactory;
9 | import tabs.SSRFTabFactory;
10 | import tabs.SSTITabFactory;
11 | import tabs.BXSSTabFactory;
12 |
/**
 * Entry point of the Ghazi Burp Suite extension.
 *
 * <p>Burp calls {@link #registerExtenderCallbacks} once when the extension is loaded. The
 * method names the extension, builds one message-editor tab factory per payload family and
 * registers each with Burp, then prints a short banner to the extension's stdout. The tabs
 * themselves only render a substituted copy of the current request; nothing in this class
 * sends traffic.
 *
 * <p>NOTE(review): {@code tabs.BXSSTabFactory} is imported and registered below, but no
 * {@code BXSSTabFactory.java} appears in the source tree of this listing; confirm it exists
 * in the repository before rebuilding from source.
 */
public class BurpExtender implements IBurpExtender {

    /** Name shown in Burp's Extender tab. */
    private static final String EXTENSION_NAME = "Ghazi 1.1";

    // Held for the lifetime of the extension. Burp keeps its own references once the
    // factories are registered, so these fields are not read again in this class.
    private XSSTabFactory xssFactory;
    private SQLTabFactory sqlFactory;
    private RCETabFactory rceFactory;
    private LFITabFactory lfiFactory;
    private SSRFTabFactory ssrfFactory;
    private SSTITabFactory sstiFactory;
    private BXSSTabFactory bxssFactory;

    /**
     * Registers the extension name and all payload tabs with Burp.
     *
     * @param callbacks the callbacks object Burp hands to every extension on load
     */
    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        // Auto-flushing writer onto the stream Burp shows in the extension's output pane.
        PrintWriter out = new PrintWriter(callbacks.getStdout(), true);

        callbacks.setExtensionName(EXTENSION_NAME);

        // Construct every factory first, then register them all, in the same order. The
        // factories in this tree each pull helpers and stdout from the same callbacks object.
        xssFactory = new XSSTabFactory(callbacks);
        sqlFactory = new SQLTabFactory(callbacks);
        rceFactory = new RCETabFactory(callbacks);
        lfiFactory = new LFITabFactory(callbacks);
        ssrfFactory = new SSRFTabFactory(callbacks);
        sstiFactory = new SSTITabFactory(callbacks);
        bxssFactory = new BXSSTabFactory(callbacks);

        IMessageEditorTabFactory[] factories = {
            xssFactory, sqlFactory, rceFactory, lfiFactory, ssrfFactory, sstiFactory, bxssFactory
        };
        for (IMessageEditorTabFactory factory : factories) {
            callbacks.registerMessageEditorTabFactory(factory);
        }

        out.println("Thank You For Using Ghazi 1.1");
        out.println("Contributors:\n\tKazam Chaudhary (twitter.com/p3n73st3r)\n\tKashif Hussain\n\tIjaz Ur Rahim fb\\MisterDebugger");
        out.println("Installation complete.");
    }
}
--------------------------------------------------------------------------------
/Ghazi/src/main/java/tabs/LFITabFactory.java:
--------------------------------------------------------------------------------
1 | package tabs;
2 |
3 | import java.awt.Component;
4 | import java.io.PrintWriter;
5 | import java.util.List;
6 |
7 | import burp.IBurpExtenderCallbacks;
8 | import burp.IExtensionHelpers;
9 | import burp.IMessageEditorController;
10 | import burp.IMessageEditorTab;
11 | import burp.IMessageEditorTabFactory;
12 | import burp.IParameter;
13 | import burp.IRequestInfo;
14 | import burp.ITextEditor;
15 |
/**
 * Factory for the "LFI" message-editor tab.
 *
 * <p>Burp asks this factory for a new {@link IMessageEditorTab} for every message editor it
 * opens. The tab shows a copy of the current request in which every URL or body parameter
 * (cookies and any parameter whose name contains {@code _csrf} excepted) has its value
 * replaced by a fixed path-traversal probe string. Nothing in this class sends the request;
 * the substituted bytes are only displayed and remembered.
 */
public class LFITabFactory implements IMessageEditorTabFactory {

    /** Value written into every eligible parameter of the displayed request. */
    private static final String LFI_PAYLOAD = "../../../../../../../etc/passwd";

    private final IBurpExtenderCallbacks callbacks;
    private final IExtensionHelpers helpers;
    /** Extension stdout; obtained for parity with the other factories but never written to here. */
    private final PrintWriter stdout;

    /**
     * @param callbacks the callbacks object Burp hands to the extension on load
     */
    public LFITabFactory(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        this.stdout = new PrintWriter(callbacks.getStdout(), true);
    }

    /**
     * Creates the tab for one message editor.
     *
     * @param controller the editor's controller; accepted for the API but not used by the tab
     * @param editable   whether Burp allows edits in this editor
     */
    @Override
    public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) {
        return new SQLTab(controller, editable);
    }

    /**
     * The "LFI" tab. The class is called {@code SQLTab} in every payload factory of this
     * project (copy-paste heritage); the name is kept because it is visible to the package.
     *
     * <p>Non-static on purpose: it reads {@code callbacks} and {@code helpers} of the
     * enclosing factory.
     */
    class SQLTab implements IMessageEditorTab {
        private final boolean editable;
        private final ITextEditor txtInput;
        /** Bytes currently on screen: the substituted request, or null after a clear. */
        private byte[] currentMessage;

        public SQLTab(IMessageEditorController controller, boolean editable) {
            this.editable = editable;
            this.txtInput = callbacks.createTextEditor();
            this.txtInput.setEditable(editable);
        }

        @Override
        public String getTabCaption() {
            return "LFI";
        }

        @Override
        public Component getUiComponent() {
            return txtInput.getComponent();
        }

        /** Offered for requests only; responses have no parameters to substitute. */
        @Override
        public boolean isEnabled(byte[] content, boolean isRequest) {
            return isRequest;
        }

        /**
         * Shows {@code content} with every eligible parameter replaced by the probe value,
         * or clears and locks the editor when {@code content} is null.
         */
        @Override
        public void setMessage(byte[] content, boolean isRequest) {
            byte[] shown = content;
            if (shown == null) {
                txtInput.setText(null);
                txtInput.setEditable(false);
            } else {
                shown = substituteParameters(shown);
                txtInput.setText(shown);
                txtInput.setEditable(editable);
            }
            // remember what is on screen so getMessage() can hand it back
            currentMessage = shown;
        }

        /**
         * Returns {@code request} with each parameter that is not a cookie and whose name does
         * not contain "_csrf" carrying {@code LFI_PAYLOAD} as its value. The replacement's
         * parameter type follows the HTTP method (URL for GET, body otherwise), not the
         * original parameter's own type.
         */
        private byte[] substituteParameters(byte[] request) {
            IRequestInfo info = helpers.analyzeRequest(request);
            List<IParameter> parameters = info.getParameters();
            boolean isGet = info.getMethod().equals("GET");
            byte replacementType = isGet ? IParameter.PARAM_URL : IParameter.PARAM_BODY;

            byte[] result = request;
            for (IParameter original : parameters) {
                IParameter replacement =
                        helpers.buildParameter(original.getName(), LFI_PAYLOAD, replacementType);
                boolean skipped = original.getType() == IParameter.PARAM_COOKIE
                        || original.getName().contains("_csrf");
                if (!skipped) {
                    result = helpers.updateParameter(result, replacement);
                }
            }
            return result;
        }

        @Override
        public byte[] getMessage() {
            return currentMessage;
        }

        /**
         * Always false: Burp is told the tab never edited the message, so the substituted
         * bytes shown here are not written back into the underlying request.
         */
        @Override
        public boolean isModified() {
            return false;
        }

        @Override
        public byte[] getSelectedData() {
            return txtInput.getSelectedText();
        }
    }
}
--------------------------------------------------------------------------------
/Ghazi/src/main/java/tabs/RCETabFactory.java:
--------------------------------------------------------------------------------
1 | package tabs;
2 |
3 | import java.awt.Component;
4 | import java.io.PrintWriter;
5 | import java.util.List;
6 |
7 | import burp.IBurpExtenderCallbacks;
8 | import burp.IExtensionHelpers;
9 | import burp.IMessageEditorController;
10 | import burp.IMessageEditorTab;
11 | import burp.IMessageEditorTabFactory;
12 | import burp.IParameter;
13 | import burp.IRequestInfo;
14 | import burp.ITextEditor;
15 |
/**
 * Factory for the "RCE" message-editor tab.
 *
 * <p>For every message editor Burp opens, the factory supplies a tab that renders the
 * current request with the value of each URL or body parameter (cookies and parameters
 * whose name contains {@code _csrf} excepted) replaced by one fixed command-injection probe
 * string. The class only displays and remembers the substituted bytes; it sends nothing.
 */
public class RCETabFactory implements IMessageEditorTabFactory {

    /** Value written into every eligible parameter of the displayed request. */
    private static final String RCE_PAYLOAD = "';ls -lah;'";

    private final IBurpExtenderCallbacks callbacks;
    private final IExtensionHelpers helpers;
    /** Extension stdout; created like in the sibling factories, never written to here. */
    private final PrintWriter stdout;

    /**
     * @param callbacks the callbacks object Burp hands to the extension on load
     */
    public RCETabFactory(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        this.stdout = new PrintWriter(callbacks.getStdout(), true);
    }

    /**
     * Creates the tab for one message editor.
     *
     * @param controller the editor's controller; accepted for the API but unused by the tab
     * @param editable   whether Burp allows edits in this editor
     */
    @Override
    public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) {
        return new SQLTab(controller, editable);
    }

    /**
     * The "RCE" tab. Still named {@code SQLTab} like its siblings (copy-paste heritage);
     * the package-visible name is left unchanged. Non-static because it reads
     * {@code callbacks} and {@code helpers} of the enclosing factory.
     */
    class SQLTab implements IMessageEditorTab {
        private final boolean editable;
        private final ITextEditor txtInput;
        /** Bytes currently on screen: the substituted request, or null after a clear. */
        private byte[] currentMessage;

        public SQLTab(IMessageEditorController controller, boolean editable) {
            this.editable = editable;
            this.txtInput = callbacks.createTextEditor();
            this.txtInput.setEditable(editable);
        }

        @Override
        public String getTabCaption() {
            return "RCE";
        }

        @Override
        public Component getUiComponent() {
            return txtInput.getComponent();
        }

        /** Requests only; there are no parameters to substitute in a response. */
        @Override
        public boolean isEnabled(byte[] content, boolean isRequest) {
            return isRequest;
        }

        /**
         * Shows {@code content} with every eligible parameter replaced by the probe value,
         * or clears and locks the editor when {@code content} is null.
         */
        @Override
        public void setMessage(byte[] content, boolean isRequest) {
            byte[] shown = content;
            if (shown == null) {
                txtInput.setText(null);
                txtInput.setEditable(false);
            } else {
                shown = rewriteParameters(shown);
                txtInput.setText(shown);
                txtInput.setEditable(editable);
            }
            // keep the displayed bytes for getMessage()
            currentMessage = shown;
        }

        /**
         * Returns {@code request} with each non-cookie parameter whose name does not contain
         * "_csrf" set to {@code RCE_PAYLOAD}. The replacement parameter is built as a URL
         * parameter for GET and as a body parameter otherwise, regardless of the original
         * parameter's type.
         */
        private byte[] rewriteParameters(byte[] request) {
            IRequestInfo info = helpers.analyzeRequest(request);
            List<IParameter> parameters = info.getParameters();
            byte replacementType =
                    info.getMethod().equals("GET") ? IParameter.PARAM_URL : IParameter.PARAM_BODY;

            byte[] result = request;
            for (IParameter original : parameters) {
                IParameter replacement =
                        helpers.buildParameter(original.getName(), RCE_PAYLOAD, replacementType);
                if (original.getType() == IParameter.PARAM_COOKIE) {
                    continue;
                }
                if (original.getName().contains("_csrf")) {
                    continue;
                }
                result = helpers.updateParameter(result, replacement);
            }
            return result;
        }

        @Override
        public byte[] getMessage() {
            return currentMessage;
        }

        /**
         * Always false: Burp is told the tab never edited the message, so the substituted
         * view is not written back into the underlying request.
         */
        @Override
        public boolean isModified() {
            return false;
        }

        @Override
        public byte[] getSelectedData() {
            return txtInput.getSelectedText();
        }
    }
}
--------------------------------------------------------------------------------
/Ghazi/src/main/java/tabs/SQLTabFactory.java:
--------------------------------------------------------------------------------
1 | package tabs;
2 |
3 | import java.awt.Component;
4 | import java.io.PrintWriter;
5 | import java.util.List;
6 |
7 | import burp.IBurpExtenderCallbacks;
8 | import burp.IExtensionHelpers;
9 | import burp.IMessageEditorController;
10 | import burp.IMessageEditorTab;
11 | import burp.IMessageEditorTabFactory;
12 | import burp.IParameter;
13 | import burp.IRequestInfo;
14 | import burp.ITextEditor;
15 |
/**
 * Factory for the "SQLi" message-editor tab.
 *
 * <p>Supplies Burp with a tab that renders the current request with the value of each URL
 * or body parameter (cookies and parameters whose name contains {@code _csrf} excepted)
 * replaced by a single quote. The substituted bytes are only displayed and remembered;
 * nothing here sends the request.
 */
public class SQLTabFactory implements IMessageEditorTabFactory {

    /** Value written into every eligible parameter of the displayed request. */
    private static final String SQLI_PAYLOAD = "'";

    private final IBurpExtenderCallbacks callbacks;
    private final IExtensionHelpers helpers;
    /** Extension stdout; created like in the sibling factories, never written to here. */
    private final PrintWriter stdout;

    /**
     * @param callbacks the callbacks object Burp hands to the extension on load
     */
    public SQLTabFactory(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        this.stdout = new PrintWriter(callbacks.getStdout(), true);
    }

    /**
     * Creates the tab for one message editor.
     *
     * @param controller the editor's controller; accepted for the API but unused by the tab
     * @param editable   whether Burp allows edits in this editor
     */
    @Override
    public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) {
        return new SQLTab(controller, editable);
    }

    /**
     * The "SQLi" tab. Non-static because it reads {@code callbacks} and {@code helpers}
     * of the enclosing factory.
     */
    class SQLTab implements IMessageEditorTab {
        private final boolean editable;
        private final ITextEditor txtInput;
        /** Bytes currently on screen: the substituted request, or null after a clear. */
        private byte[] currentMessage;

        public SQLTab(IMessageEditorController controller, boolean editable) {
            this.editable = editable;
            this.txtInput = callbacks.createTextEditor();
            this.txtInput.setEditable(editable);
        }

        @Override
        public String getTabCaption() {
            return "SQLi";
        }

        @Override
        public Component getUiComponent() {
            return txtInput.getComponent();
        }

        /** Requests only; responses carry no parameters to substitute. */
        @Override
        public boolean isEnabled(byte[] content, boolean isRequest) {
            return isRequest;
        }

        /**
         * Shows {@code content} with every eligible parameter replaced by the probe value,
         * or clears and locks the editor when {@code content} is null.
         */
        @Override
        public void setMessage(byte[] content, boolean isRequest) {
            if (content == null) {
                txtInput.setText(null);
                txtInput.setEditable(false);
                currentMessage = null;
                return;
            }
            byte[] shown = rewriteParameters(content);
            txtInput.setText(shown);
            txtInput.setEditable(editable);
            // keep the displayed bytes for getMessage()
            currentMessage = shown;
        }

        /**
         * Returns {@code request} with each non-cookie parameter whose name does not contain
         * "_csrf" set to {@code SQLI_PAYLOAD}. The replacement is built as a URL parameter
         * for GET and as a body parameter otherwise, whatever the original parameter's type.
         */
        private byte[] rewriteParameters(byte[] request) {
            IRequestInfo info = helpers.analyzeRequest(request);
            List<IParameter> parameters = info.getParameters();
            byte replacementType =
                    info.getMethod().equals("GET") ? IParameter.PARAM_URL : IParameter.PARAM_BODY;

            byte[] result = request;
            for (IParameter original : parameters) {
                IParameter replacement =
                        helpers.buildParameter(original.getName(), SQLI_PAYLOAD, replacementType);
                boolean eligible = original.getType() != IParameter.PARAM_COOKIE
                        && !original.getName().contains("_csrf");
                if (eligible) {
                    result = helpers.updateParameter(result, replacement);
                }
            }
            return result;
        }

        @Override
        public byte[] getMessage() {
            return currentMessage;
        }

        /**
         * Always false: Burp is told the tab never edited the message, so the substituted
         * view is not written back into the underlying request.
         */
        @Override
        public boolean isModified() {
            return false;
        }

        @Override
        public byte[] getSelectedData() {
            return txtInput.getSelectedText();
        }
    }
}
--------------------------------------------------------------------------------
/Ghazi/src/main/java/tabs/SSRFTabFactory.java:
--------------------------------------------------------------------------------
1 | package tabs;
2 |
3 | import java.awt.Component;
4 | import java.io.PrintWriter;
5 | import java.util.List;
6 |
7 | import burp.IBurpExtenderCallbacks;
8 | import burp.IExtensionHelpers;
9 | import burp.IMessageEditorController;
10 | import burp.IMessageEditorTab;
11 | import burp.IMessageEditorTabFactory;
12 | import burp.IParameter;
13 | import burp.IRequestInfo;
14 | import burp.ITextEditor;
15 |
/**
 * Factory for the "SSRF" message-editor tab.
 *
 * <p>Supplies Burp with a tab that renders the current request with the value of each URL
 * or body parameter (cookies and parameters whose name contains {@code _csrf} excepted)
 * replaced by one fixed URL. The substituted bytes are only displayed and remembered;
 * nothing in this class sends the request.
 */
public class SSRFTabFactory implements IMessageEditorTabFactory {

    /**
     * Value written into every eligible parameter of the displayed request.
     * NOTE(review): this names a third-party host outside the tester's control; a request
     * re-sent with these bytes would make the application under test contact that host.
     */
    private static final String SSRF_PAYLOAD = "http://scanme.nmap.org:22";

    private final IBurpExtenderCallbacks callbacks;
    private final IExtensionHelpers helpers;
    /** Extension stdout; created like in the sibling factories, never written to here. */
    private final PrintWriter stdout;

    /**
     * @param callbacks the callbacks object Burp hands to the extension on load
     */
    public SSRFTabFactory(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        this.stdout = new PrintWriter(callbacks.getStdout(), true);
    }

    /**
     * Creates the tab for one message editor.
     *
     * @param controller the editor's controller; accepted for the API but unused by the tab
     * @param editable   whether Burp allows edits in this editor
     */
    @Override
    public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) {
        return new SQLTab(controller, editable);
    }

    /**
     * The "SSRF" tab. Still named {@code SQLTab} like its siblings (copy-paste heritage);
     * the package-visible name is left unchanged. Non-static because it reads
     * {@code callbacks} and {@code helpers} of the enclosing factory.
     */
    class SQLTab implements IMessageEditorTab {
        private final boolean editable;
        private final ITextEditor txtInput;
        /** Bytes currently on screen: the substituted request, or null after a clear. */
        private byte[] currentMessage;

        public SQLTab(IMessageEditorController controller, boolean editable) {
            this.editable = editable;
            this.txtInput = callbacks.createTextEditor();
            this.txtInput.setEditable(editable);
        }

        @Override
        public String getTabCaption() {
            return "SSRF";
        }

        @Override
        public Component getUiComponent() {
            return txtInput.getComponent();
        }

        /** Requests only; responses carry no parameters to substitute. */
        @Override
        public boolean isEnabled(byte[] content, boolean isRequest) {
            return isRequest;
        }

        /**
         * Shows {@code content} with every eligible parameter replaced by the probe value,
         * or clears and locks the editor when {@code content} is null.
         */
        @Override
        public void setMessage(byte[] content, boolean isRequest) {
            byte[] shown = content;
            if (shown == null) {
                txtInput.setText(null);
                txtInput.setEditable(false);
            } else {
                shown = rewriteParameters(shown);
                txtInput.setText(shown);
                txtInput.setEditable(editable);
            }
            // keep the displayed bytes for getMessage()
            currentMessage = shown;
        }

        /**
         * Returns {@code request} with each non-cookie parameter whose name does not contain
         * "_csrf" set to {@code SSRF_PAYLOAD}. The replacement is built as a URL parameter
         * for GET and as a body parameter otherwise, whatever the original parameter's type.
         */
        private byte[] rewriteParameters(byte[] request) {
            IRequestInfo info = helpers.analyzeRequest(request);
            List<IParameter> parameters = info.getParameters();
            byte replacementType =
                    info.getMethod().equals("GET") ? IParameter.PARAM_URL : IParameter.PARAM_BODY;

            byte[] result = request;
            for (IParameter original : parameters) {
                IParameter replacement =
                        helpers.buildParameter(original.getName(), SSRF_PAYLOAD, replacementType);
                boolean skipped = original.getType() == IParameter.PARAM_COOKIE
                        || original.getName().contains("_csrf");
                if (!skipped) {
                    result = helpers.updateParameter(result, replacement);
                }
            }
            return result;
        }

        @Override
        public byte[] getMessage() {
            return currentMessage;
        }

        /**
         * Always false: Burp is told the tab never edited the message, so the substituted
         * view is not written back into the underlying request.
         */
        @Override
        public boolean isModified() {
            return false;
        }

        @Override
        public byte[] getSelectedData() {
            return txtInput.getSelectedText();
        }
    }
}
--------------------------------------------------------------------------------
/Ghazi/src/main/java/tabs/SSTITabFactory.java:
--------------------------------------------------------------------------------
1 | package tabs;
2 |
3 | import java.awt.Component;
4 | import java.io.PrintWriter;
5 | import java.util.List;
6 |
7 | import burp.IBurpExtenderCallbacks;
8 | import burp.IExtensionHelpers;
9 | import burp.IMessageEditorController;
10 | import burp.IMessageEditorTab;
11 | import burp.IMessageEditorTabFactory;
12 | import burp.IParameter;
13 | import burp.IRequestInfo;
14 | import burp.ITextEditor;
15 |
/**
 * Factory for the "SSTI" message-editor tab.
 *
 * <p>Supplies Burp with a tab that renders the current request with the value of each URL
 * or body parameter (cookies and parameters whose name contains {@code _csrf} excepted)
 * replaced by one fixed template-expression probe. The substituted bytes are only displayed
 * and remembered; nothing in this class sends the request.
 */
public class SSTITabFactory implements IMessageEditorTabFactory {

    /** Value written into every eligible parameter of the displayed request. */
    private static final String SSTI_PAYLOAD = "{{191*7}}";

    private final IBurpExtenderCallbacks callbacks;
    private final IExtensionHelpers helpers;
    /** Extension stdout; created like in the sibling factories, never written to here. */
    private final PrintWriter stdout;

    /**
     * @param callbacks the callbacks object Burp hands to the extension on load
     */
    public SSTITabFactory(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        this.stdout = new PrintWriter(callbacks.getStdout(), true);
    }

    /**
     * Creates the tab for one message editor.
     *
     * @param controller the editor's controller; accepted for the API but unused by the tab
     * @param editable   whether Burp allows edits in this editor
     */
    @Override
    public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) {
        return new SQLTab(controller, editable);
    }

    /**
     * The "SSTI" tab. Still named {@code SQLTab} like its siblings (copy-paste heritage);
     * the package-visible name is left unchanged. Non-static because it reads
     * {@code callbacks} and {@code helpers} of the enclosing factory.
     */
    class SQLTab implements IMessageEditorTab {
        private final boolean editable;
        private final ITextEditor txtInput;
        /** Bytes currently on screen: the substituted request, or null after a clear. */
        private byte[] currentMessage;

        public SQLTab(IMessageEditorController controller, boolean editable) {
            this.editable = editable;
            this.txtInput = callbacks.createTextEditor();
            this.txtInput.setEditable(editable);
        }

        @Override
        public String getTabCaption() {
            return "SSTI";
        }

        @Override
        public Component getUiComponent() {
            return txtInput.getComponent();
        }

        /** Requests only; responses carry no parameters to substitute. */
        @Override
        public boolean isEnabled(byte[] content, boolean isRequest) {
            return isRequest;
        }

        /**
         * Shows {@code content} with every eligible parameter replaced by the probe value,
         * or clears and locks the editor when {@code content} is null.
         */
        @Override
        public void setMessage(byte[] content, boolean isRequest) {
            if (content == null) {
                txtInput.setText(null);
                txtInput.setEditable(false);
                currentMessage = null;
                return;
            }
            byte[] shown = rewriteParameters(content);
            txtInput.setText(shown);
            txtInput.setEditable(editable);
            // keep the displayed bytes for getMessage()
            currentMessage = shown;
        }

        /**
         * Returns {@code request} with each non-cookie parameter whose name does not contain
         * "_csrf" set to {@code SSTI_PAYLOAD}. The replacement is built as a URL parameter
         * for GET and as a body parameter otherwise, whatever the original parameter's type.
         */
        private byte[] rewriteParameters(byte[] request) {
            IRequestInfo info = helpers.analyzeRequest(request);
            List<IParameter> parameters = info.getParameters();
            byte replacementType =
                    info.getMethod().equals("GET") ? IParameter.PARAM_URL : IParameter.PARAM_BODY;

            byte[] result = request;
            for (IParameter original : parameters) {
                IParameter replacement =
                        helpers.buildParameter(original.getName(), SSTI_PAYLOAD, replacementType);
                if (original.getType() == IParameter.PARAM_COOKIE) {
                    continue;
                }
                if (original.getName().contains("_csrf")) {
                    continue;
                }
                result = helpers.updateParameter(result, replacement);
            }
            return result;
        }

        @Override
        public byte[] getMessage() {
            return currentMessage;
        }

        /**
         * Always false: Burp is told the tab never edited the message, so the substituted
         * view is not written back into the underlying request.
         */
        @Override
        public boolean isModified() {
            return false;
        }

        @Override
        public byte[] getSelectedData() {
            return txtInput.getSelectedText();
        }
    }
}
--------------------------------------------------------------------------------
/Ghazi/src/main/java/tabs/XSSTabFactory.java:
--------------------------------------------------------------------------------
1 | package tabs;
2 |
3 | import java.awt.Component;
4 | import java.io.PrintWriter;
5 | import java.util.List;
6 |
7 | import burp.IBurpExtenderCallbacks;
8 | import burp.IExtensionHelpers;
9 | import burp.IMessageEditorController;
10 | import burp.IMessageEditorTab;
11 | import burp.IMessageEditorTabFactory;
12 | import burp.IParameter;
13 | import burp.IRequestInfo;
14 | import burp.ITextEditor;
15 |
/**
 * Factory for the "XSS" message-editor tab.
 *
 * <p>Supplies Burp with a tab that renders the current request with the value of each URL
 * or body parameter (cookies and parameters whose name contains {@code _csrf} excepted)
 * replaced by a numbered marker string. The substituted bytes are only displayed and
 * remembered; nothing in this class sends the request.
 *
 * <p>NOTE(review): this listing jumps from line 86 to line 88 inside {@code setMessage};
 * the declaration of {@code xssEnd} used there appears to have been lost (probably with
 * the angle brackets it contained), so the code as shown does not compile on its own.
 * Likewise {@code List params} is shown raw; it is presumably {@code List<IParameter>}
 * in the real source, otherwise {@code params.get(i)} could not be assigned to an
 * {@code IParameter}.
 */
public class XSSTabFactory implements IMessageEditorTabFactory{

    // Burp callbacks handed over on load; used to create the text editor.
    private IBurpExtenderCallbacks callbacks;
    // Helper API used to parse requests and rebuild parameters.
    private IExtensionHelpers helpers;
    // Extension stdout; only referenced from a commented-out debug line below.
    private PrintWriter stdout;


    /**
     * @param callbacks the callbacks object Burp hands to the extension on load
     */
    public XSSTabFactory(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        // obtain an extension helpers object
        helpers = callbacks.getHelpers();
        stdout = new PrintWriter(callbacks.getStdout(), true);
    }

    /**
     * Creates the tab for one message editor.
     *
     * @param controller the editor's controller; accepted for the API but unused by the tab
     * @param editable   whether Burp allows edits in this editor
     */
    @Override
    public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable)
    {
        // create a new instance of our custom editor tab
        return new XSSTab(controller, editable);
    }

    /**
     * The "XSS" tab. Non-static because it reads {@code callbacks} and {@code helpers}
     * of the enclosing factory.
     */
    class XSSTab implements IMessageEditorTab{
        private boolean editable;
        private ITextEditor txtInput;
        // Bytes currently on screen: the substituted request, or null after a clear.
        private byte[] currentMessage;

        public XSSTab(IMessageEditorController controller, boolean editable)
        {
            this.editable = editable;

            // create an instance of Burp's text editor to display the substituted request
            txtInput = callbacks.createTextEditor();
            txtInput.setEditable(editable);
        }

        //
        // implement IMessageEditorTab
        //

        @Override
        public String getTabCaption()
        {
            return "XSS";
        }

        @Override
        public Component getUiComponent()
        {
            return txtInput.getComponent();
        }

        // Requests only; responses carry no parameters to substitute.
        @Override
        public boolean isEnabled(byte[] content, boolean isRequest)
        {
            return isRequest;
        }

        /**
         * Shows {@code content} with every eligible parameter replaced by a numbered marker,
         * or clears and locks the editor when {@code content} is null.
         */
        @Override
        public void setMessage(byte[] content, boolean isRequest)
        {
            if (content == null)
            {
                txtInput.setText(null);
                txtInput.setEditable(false);
            }else{
                IRequestInfo reqInfo = helpers.analyzeRequest(content);
                List params = reqInfo.getParameters();
                // Replacement parameters follow the HTTP method (URL for GET, body otherwise),
                // not the type of the parameter being replaced.
                byte paramType = reqInfo.getMethod().equals("GET")? IParameter.PARAM_URL : IParameter.PARAM_BODY;

                // xss payloads: marker is xssStart + running number + xssEnd
                String xssStart = "\"/>";
                // NOTE(review): the line declaring xssEnd is missing from this listing (see class doc).
                // Running number; each parameter gets a distinct value, presumably so a reflected
                // marker can be traced back to the parameter it came from.
                int num = 1;
                for(int i=0; i < params.size(); i++) {
                    IParameter param = params.get(i);
                    // cookies and anti-CSRF tokens are left untouched
                    if(param.getType() != IParameter.PARAM_COOKIE && !param.getName().contains("_csrf")) {
                        IParameter newParam = helpers.buildParameter(
                                param.getName(),
                                xssStart + (num++) + xssEnd, //payload
                                paramType);
                        content = helpers.updateParameter(content, newParam);
                        //stdout.println("parameter [" + param.getName() + "]'s value setted to " + newParam.getValue());
                    }
                }
                txtInput.setText(content);
                txtInput.setEditable(editable);
            }
            // remember the displayed content so getMessage() can hand it back
            currentMessage = content;
        }

        @Override
        public byte[] getMessage()
        {
            return currentMessage;
        }

        // Always false: Burp is told the tab never edited the message, so the substituted
        // view is not written back into the underlying request.
        @Override
        public boolean isModified()
        {
            return false; //always
        }

        @Override
        public byte[] getSelectedData()
        {
            return txtInput.getSelectedText();
        }
    }
}
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Ghazi
2 | Ghazi is a Burp Suite plugin for testing various payloads such as XSS, SQLi, SSTI, SSRF, RCE and LFI through different tabs. Each tab replaces every GET or POST parameter with the payload of the selected tab in the "Proxy" or "Repeater" tab.
3 |
4 |
5 | The XSS tab of Ghazi replacing every parameter with the XSS payload
6 |
7 | 
8 |
9 |
10 | The SSTI (Server-Side Template Injection) tab replacing every parameter
11 |
12 | 
13 |
14 |
15 |
16 | Thanks to Ijaaz and Kashif for their contributions
17 |
18 |
19 | Regards p3n73st3r
20 | twitter.com/p3n73st3r
21 |
--------------------------------------------------------------------------------