Update:
- The code in this repo might not be the latest release.
- Current code is closed-source.
- Powerpoint is hosted at: https://stc.drstrange.org/shadeless.pptx
- Demo hosted at: https://shadeless.drstrange.org . Cred: anpham / anpham
Shadeless takes data from a Burp extension called Shadeless-Burp, then visualizes it and lets users query for interesting requests/responses. It mainly supports bug bounty hunters and blackbox testing. Below are some of the features that Shadeless supports:
- Multiple hunters can collaborate with each other.
- Query past HTTP req/res via understandable English grammar, for example:
  - Finding APIs that set cookie: `origin contains "<target_origin>" and responseHeader contains "Set-Cookie"`
  - Search for unrelated request: `origin not_matches "gstatic|hotjar|cdn"`
  - Simple stored XSS check: `origin contains "<target_origin>" and reflectedParameters != null and responseHeader contains "text/html"`
- Able to delete undesirable req/res with ease.
- After querying for the desired req/res, you can view the req/res around that particular time (I call this feature "time travel").
- When viewing the content of a req/res, there's a button that generates an `ffuf` command to fuzz that endpoint.
- When you click to generate the `ffuf` command, the server automatically records that we've tried to fuzz that endpoint, so it adds 1 to the `fuzzCnt` attribute of the API endpoint. => We can write a query for non-fuzzed endpoints, for example: `origin contains "<target_origin>" and fuzzCnt == 0`
- CAUTION: Because multiple hackers are storing data in the same place, their credentials may get leaked to each other. There's also a feature to "CENSOR" the req/res of AUTHENTICATION. However, the credentials are still stored in the Shadeless database, which is inevitable :)
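
The query examples in the feature list above all have the shape of `and`-joined `field operator value` clauses. The evaluator below is an added example, not Shadeless code: it handles only the operators shown on this page and runs them against constructed records. The record layout and the names `RECORDS`, `parse` and `search` are assumptions.

```python
import re

# Constructed sample records (not real traffic). Field names are the ones
# used in the queries on this page; the record layout is an assumption.
RECORDS = [
    {"origin": "https://app.example.test", "fuzzCnt": 0,
     "responseHeader": "Content-Type: text/html\r\nSet-Cookie: sid=1",
     "reflectedParameters": {"q": "abc"}},
    {"origin": "https://fonts.gstatic.com", "fuzzCnt": 0,
     "responseHeader": "Content-Type: font/woff2",
     "reflectedParameters": None},
    {"origin": "https://app.example.test", "fuzzCnt": 2,
     "responseHeader": "Content-Type: application/json",
     "reflectedParameters": None},
]

TOKEN = re.compile(r'"([^"]*)"|(\S+)')   # quoted string or bare word
OPS = {
    "contains": lambda have, want: isinstance(have, str) and want in have,
    "not_matches": lambda have, want: not (isinstance(have, str) and re.search(want, have)),
    "==": lambda have, want: have == want,
    "!=": lambda have, want: have != want,
}

def parse(query):
    """Turn 'f op v and f op v ...' into a list of (field, op, value)."""
    toks = [(m.group(1), True) if m.group(1) is not None else (m.group(2), False)
            for m in TOKEN.finditer(query)]
    if len(toks) % 4 != 3:
        raise ValueError("expected: field op value [and field op value ...]")
    clauses = []
    for i in range(0, len(toks), 4):
        (field, _), (op, _), (raw, quoted) = toks[i:i + 3]
        if op not in OPS or (i and toks[i - 1] != ("and", False)):
            raise ValueError(f"cannot parse clause starting at {field!r}")
        if quoted:
            value = raw                  # string literal
        elif raw == "null":
            value = None
        else:
            value = int(raw)             # bare numbers such as 0
        clauses.append((field, op, value))
    return clauses

def search(query, records=RECORDS):
    """Return the indexes of records that satisfy every clause."""
    clauses = parse(query)
    return [n for n, rec in enumerate(records)
            if all(OPS[op](rec.get(field), value) for field, op, value in clauses)]
```
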
Below is the architecture of Shadeless
- 1: Check the file `docker-compose.yml`.
- 2: You can change `DATABASE_URL` to another existing MongoDB.
- 3: Run:
  ```
  bash run.prod.sh
  bash config_account.sh
  ```