Skip to content

Meth0dMan is a Burp Suite extension to aid in testing HTTP Methods

Notifications You must be signed in to change notification settings

PortSwigger/meth0d-man

 
 

Repository files navigation

#Meth0dMan

Meth0dMan is a Burp Suite extension to aid in testing HTTP Methods. It generates a custom intruder payload based on the hosts site-map, allowing quick identification of several HTTP Method issues.

##Features

  • Custom intruder payloads based on current site-map
  • Automatic parameter highlighting within the intruder
  • Works for both Free and Professional version of Burp Suite
  • Find directory listings, Cross-Site Tracing (XST) and other issues without using the scanner

##How To Use It

  1. From the Extender tab in Burp Suite, add Meth0dMan.jar
  2. Spider or discover content on site to build the site-map
  3. Send a request to Meth0dMan (creates a new intruder attack) Send to Meth0dMan
  4. Adjust the attack Type to 'Cluster Bomb'
  5. Set the first payload to HTTP Verbs List (or your own verbs)
  6. Set the second payload to "Extension-generated"
  7. Select generator, choose "Meth0dMan Payloads" from the drop down list
  8. Ensure you have URL encoding off and start fuzzing!
    Extension Generated Payloads

About

Meth0dMan is a Burp Suite extension to aid in testing HTTP Methods

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 91.6%
  • HTML 8.4%