HackBar
A browser extension for Penetration Testing
## Contributor
- 0140454
- GitHub: https://github.com/0140454
- lebr0nli
- GitHub: https://github.com/lebr0nli
- boylin0
- GitHub: https://github.com/boylin0
- HSwift
- GitHub: https://github.com/HSwift
## How to open it?
1. Open "Developer tools" (Press F12 or Ctrl+Shift+I)
2. Switch to "HackBar" tab
3. Enjoy it
## Features
* Load
* From tab (default)
* From cURL command
* Supported
* HTTP methods
* GET
* POST
* application/x-www-form-urlencoded
* multipart/form-data
* application/json
* Request editing mode
* Basic
* Raw
* Custom payload
* For more information, please visit https://github.com/0140454/hackbar/blob/master/README.md
* Auto Test
* Common paths (Wordlist from dirsearch included)
* SQLi
* Dump all database names (MySQL, PostgreSQL, MSSQL)
* Dump tables from database (MySQL, PostgreSQL, MSSQL)
* Dump columns from database (MySQL, PostgreSQL, MSSQL)
* Union select statement (MySQL, PostgreSQL, MSSQL)
* Error-based injection statement (MySQL, PostgreSQL, MSSQL)
* Dump in one shot payload (MySQL)
* Reference: https://github.com/swisskyrepo/PayloadsAllTheThings
* Dump current query payload (MySQL)
* Reference: https://github.com/swisskyrepo/PayloadsAllTheThings
* Space to Inline comment
* XSS
* Vue.js XSS payloads
* Angular.js XSS payloads for strict CSP
* Some snippets for CTF
* Html encode/decode with hex/dec/entity name
* String.fromCharCode encode/decode
* Helper function for converting payload with `atob`
* LFI
* PHP wrapper - Base64
* SSRF
* AWS - IAM role name
* SSTI
* Jinja2 SSTI
* Flask RCE Reference: https://twitter.com/realgam3/status/1184747565415358469
* Java SSTI
* Shell
* Python reverse shell cheatsheet
* bash reverse shell cheatsheet
* nc reverse shell cheatsheet
* php reverse shell/web shell cheatsheet
* Encoding
* URL encode/decode
* Base64 encode/decode
* Hexadecimal encode/decode
* Unicode encode/decode
* Escape ASCII to hex/oct format
* Hashing
* MD5
* SHA1
* SHA256
* SHA384
* SHA512
## Shortcuts
* Load
* Default: Alt + A
* Split
* Default: Alt + S
* Execute
* Default: Alt + X
* Switch request editing mode
* Default: Alt + M
## Third-party Libraries
For more information, please visit https://github.com/0140454/hackbar#third-party-libraries
Latest reviews
Excellent.
sss
nice good
Good job. Good functionality, maybe not quite as good as phitachi but very good none the less. Thanks
nice..
god bless you
where the submit,dont found the button
最近一直提示插件损坏,无法使用了?
submit还是有问题
那个hackbar要收费,这个刚下,界面挺炫酷的。
it was way to much add a tutorial
it was way to much add a tutorial
love it
love it
I don't know how to use it
its not opening
its not opening
非常强,希望增加更多payload功能
good!!!
good!!!
An awesome extension for hackers
An awesome extension for hackers
Отличное расширение для пентестинга.
nice tool
nice tool
不能导入url了,赶紧修复一下
I press ctrl + shift + ı but don't work. Only open F12 console
I press ctrl + shift + ı but don't work. Only open F12 console
更新了很多新功能,nice!!!
Buenardo! 10/10 te la rifaste Ricardo.
Работает, круто, спасибо!
bisa bang ,makasih
It works, however with this extension enabled it breaks copy and paste in my browser. Please fix this issue.
It works, however with this extension enabled it breaks copy and paste in my browser. Please fix this issue.
не работает((
mantap
nice
nice
可以
Nice
Nice
nice
nice
So if the tools can provide a selection in encoding,it will be more convenient. eg: only coding `'` to `%27` only coding space to %20
So if the tools can provide a selection in encoding,it will be more convenient. eg: only coding `'` to `%27` only coding space to %20
Really good work guys, I love it!!!
Really good work guys, I love it!!!
太强了,界面美观,功能和老版的hackbar一样,比其他的hackbar好多了,并且post传参可以使用,如果不是f12打开就完美了,谢谢。
Unable to fetch request information After installing extension, it is required to reload the tab for recording the request but I have restarted my browser!!!
Unable to fetch request information After installing extension, it is required to reload the tab for recording the request but I have restarted my browser!!!