# Meth0dMan

Meth0dMan is a Burp Suite extension that aids in testing HTTP methods. It generates a custom Intruder payload from the host's site map, allowing quick identification of several HTTP method issues.

## Features

  • Custom Intruder payloads based on the current site map
  • Automatic parameter highlighting within Intruder
  • Works with both the Free and Professional versions of Burp Suite
  • Find directory listings, Cross-Site Tracing (XST) and other issues without using the scanner

## How To Use It

  1. From the Extender tab in Burp Suite, add Meth0dMan.jar
  2. Spider or discover content on the site to build the site map
  3. Send a request to Meth0dMan (creates a new Intruder attack)
  4. Set the attack type to 'Cluster Bomb'
  5. Set the first payload to HTTP Verbs List (or your own verbs)
  6. Set the second payload to "Extension-generated"
  7. Click "Select generator" and choose "Meth0dMan Payloads" from the drop-down list
  8. Ensure you have URL encoding off and start fuzzing!
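
The steps above pair every verb with every site-map path, so the results table grows quickly. The following added example (not part of Meth0dMan or Burp Suite) shows that pairing and one way to triage the recorded responses for the two issues named under Features; the record fields, function names and sample data are assumptions constructed for illustration.

```python
from itertools import product

# Constructed sample data: verbs (payload set 1) and site-map paths (payload set 2).
VERBS = ["GET", "OPTIONS", "TRACE"]
PATHS = ["/", "/images/", "/login"]

def cluster_bomb(verbs, paths):
    """Cluster Bomb tries every combination of the two payload sets."""
    return list(product(verbs, paths))

def triage(result):
    """Return findings for one recorded response (dict: verb, path, status, ctype, body)."""
    findings = []
    ok = 200 <= result["status"] < 300
    body = result["body"]
    # XST indicator: a successful TRACE echoes the request back as message/http.
    if result["verb"] == "TRACE" and ok and (
        result["ctype"].lower().startswith("message/http")
        or body.startswith("TRACE " + result["path"])
    ):
        findings.append("TRACE enabled (XST)")
    # Directory listing indicator: Apache- and nginx-style auto-index pages
    # title themselves "Index of <path>".
    if ok and "<title>Index of " in body:
        findings.append("directory listing")
    return findings

# Constructed responses, as if copied from the attack's results table.
SAMPLE_RESULTS = [
    {"verb": "GET", "path": "/", "status": 200, "ctype": "text/html",
     "body": "<title>Home</title>"},
    {"verb": "GET", "path": "/images/", "status": 200, "ctype": "text/html",
     "body": "<html><head><title>Index of /images</title></head>"},
    {"verb": "TRACE", "path": "/login", "status": 200, "ctype": "message/http",
     "body": "TRACE /login HTTP/1.1\r\nHost: test.example\r\n"},
    {"verb": "TRACE", "path": "/", "status": 405, "ctype": "text/html",
     "body": "Method Not Allowed"},
]

def report(results):
    """Map (verb, path) to findings, keeping only rows with at least one finding."""
    return {(r["verb"], r["path"]): f for r in results if (f := triage(r))}

if __name__ == "__main__":
    print(len(cluster_bomb(VERBS, PATHS)), "requests in the attack")
    for key, findings in report(SAMPLE_RESULTS).items():
        print(key, findings)
```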