A browser extension for Penetration Testing
## Contributor
- 0140454
- GitHub: https://github.com/0140454
- lebr0nli
- GitHub: https://github.com/lebr0nli
- boylin0
- GitHub: https://github.com/boylin0
- HSwift
- GitHub: https://github.com/HSwift
## How to open it?
1. Open "Developer tools" (Press F12 or Ctrl+Shift+I)
2. Switch to "HackBar" tab
3. Enjoy it
## Features
* Load
* From tab (default)
* From cURL command
* Supported
* HTTP methods
* GET
* POST
* application/x-www-form-urlencoded
* multipart/form-data
* application/json
* Request editing mode
* Basic
* Raw
* Custom payload
* For more information, please visit https://github.com/0140454/hackbar/blob/master/README.md
* Auto Test
* Common paths (Wordlist from dirsearch included)
* SQLi
* Dump all database names (MySQL, PostgreSQL, MSSQL)
* Dump tables from database (MySQL, PostgreSQL, MSSQL)
* Dump columns from database (MySQL, PostgreSQL, MSSQL)
* Union select statement (MySQL, PostgreSQL, MSSQL)
* Error-based injection statement (MySQL, PostgreSQL, MSSQL)
* Dump in one shot payload (MySQL)
* Reference: https://github.com/swisskyrepo/PayloadsAllTheThings
* Dump current query payload (MySQL)
* Reference: https://github.com/swisskyrepo/PayloadsAllTheThings
* Space to Inline comment
* XSS
* Vue.js XSS payloads
* Angular.js XSS payloads for strict CSP
* Some snippets for CTF
* Html encode/decode with hex/dec/entity name
* String.fromCharCode encode/decode
* Helper function for converting payload with `atob`
* LFI
* PHP wrapper - Base64
* SSRF
* AWS - IAM role name
* SSTI
* Jinja2 SSTI
* Flask RCE Reference: https://twitter.com/realgam3/status/1184747565415358469
* Java SSTI
* Shell
* Python reverse shell cheatsheet
* bash reverse shell cheatsheet
* nc reverse shell cheatsheet
* php reverse shell/web shell cheatsheet
* Encoding
* URL encode/decode
* Base64 encode/decode
* Hexadecimal encode/decode
* Unicode encode/decode
* Escape ASCII to hex/oct format
* Hashing
* MD5
* SHA1
* SHA256
* SHA384
* SHA512
## Shortcuts
* Load
* Default: Alt + A
* Split
* Default: Alt + S
* Execute
* Default: Alt + X
* Switch request editing mode
* Default: Alt + M
## Third-party Libraries
For more information, please visit https://github.com/0140454/hackbar#third-party-libraries
Latest reviews
- (2023-07-03) dekun wang: 最近一直提示插件损坏,无法使用了?
- (2023-06-30) F Y: submit还是有问题
- (2023-06-29) 毛林志: 那个hackbar要收费,这个刚下,界面挺炫酷的。
- (2023-02-08) Ryan Dormanesh: it was way to much add a tutorial
- (2022-09-26) Adem Kouki: love it
- (2022-09-23) Byond VR: I don't know how to use it
- (2022-08-24) Данил Киселёв: its not opening
- (2022-07-29) 史蒂芬金: 非常强,希望增加更多payload功能
- (2022-07-19) L1u0pen: good!!!
- (2022-05-09) Omar El Houmadi: An awesome extension for hackers
- (2022-03-28) MaslovKK (MaslovKK): Отличное расширение для пентестинга.
- (2021-06-23) dr0n1: nice tool
- (2021-06-16) 星辰: 不能导入url了,赶紧修复一下
- (2021-05-06) Ugroon: I press ctrl + shift + ı but don't work. Only open F12 console
- (2021-04-05) cribug Hunter: 更新了很多新功能,nice!!!
- (2021-03-12) Daniel Mena: Buenardo! 10/10 te la rifaste Ricardo.
- (2021-01-28) Denis: Работает, круто, спасибо!
- (2020-12-18) Ara Cans: bisa bang ,makasih
- (2020-12-06) Mark Hughes: It works, however with this extension enabled it breaks copy and paste in my browser. Please fix this issue.
- (2020-08-24) Sarah Vandella: не работает((
- (2020-08-20) MAMAN RAHA: mantap
- (2020-07-31) LITTLE CHIEH: nice
- (2020-07-20) ZZ Swoole: 可以
- (2020-06-24) Yiwei Jin: Nice
- (2019-12-12) s liu: nice
- (2019-11-22) Cherry: So if the tools can provide a selection in encoding,it will be more convenient. eg: only coding `'` to `%27` only coding space to %20
- (2019-10-25) ForeGuards: Really good work guys, I love it!!!
- (2019-09-15) wei quanmin: 太强了,界面美观,功能和老版的hackbar一样,比其他的hackbar好多了,并且post传参可以使用,如果不是f12打开就完美了,谢谢。
- (2019-09-03) zhuang cai: Unable to fetch request information After installing extension, it is required to reload the tab for recording the request but I have restarted my browser!!!
- (2019-08-01) Rei Saya: nice tool
- (2019-07-31) Cacake: Gimana cara pakenya? Gabisa muncul gini!!
- (2019-06-25) TOM: not bad.
- (2019-05-21) Mose Bruce: 非常好
- (2019-05-18) God Six: it's good!perfect hack tool!非常好,我喜欢。使用过程中发现Bug,GitHub上提交了问题,作者很快就回复了并且处理好问题更新了Chrome HackBar版本,前后几乎不到3小时!作者用心在做,感谢!
- (2019-04-14) Merack Kaine: good job, sir
- (2019-04-13) dr web: goooodddddd
- (2019-04-06) Gavin mahoney: How do i open it?
- (2018-12-19) fernanda zekkel: ga bisa dipake anjing goblok lu
- (2018-10-31) 李敬: great extension, really helpfull.
- (2018-08-07) 蔡孟軒: 我覺得可以
Statistics
Installs
80,000
history
Category
Rating
4.1923 (52 votes)
Last update / version
2024-10-29 / 1.2.7
Listing languages
en