GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → 0140454 → hackbar

0140454 / hackbar

Licence: other
A browser extension for Penetration Testing

Programming Languages

javascript
184084 projects - #8 most used programming language
HTML
75241 projects
CSS
56736 projects

Labels

chrome-extensionchromeextensionhackbar

Projects that are alternatives of or similar to hackbar

Code Debug
Native debugging for VSCode
Stars: ✭ 232 (+77.1%)
Mutual labels:  extension
Gab Dissenter Extension
Dissenter.com Browser Extension source code
Stars: ✭ 252 (+92.37%)
Mutual labels:  extension
PDL
php dynamic library (PDL)
Stars: ✭ 13 (-90.08%)
Mutual labels:  extension
Smart Hierarchy
Better hierarchy for Unity.
Stars: ✭ 234 (+78.63%)
Mutual labels:  extension
Twitch Hls Adblock
Block advertisements that are inserted in Twitch streams directly.
Stars: ✭ 242 (+84.73%)
Mutual labels:  extension
newhackbar
A sitebar that helps pentesters to perform manual web security testing inside their browser. This addon is written in webextension and alternatives to the XUL version of original Hackbar.
Stars: ✭ 42 (-67.94%)
Mutual labels:  hackbar
Awesome Xcode Extensions
Awesome native Xcode extensions.
Stars: ✭ 2,628 (+1906.11%)
Mutual labels:  extension
Funky
Funky is a functional utility library written in Objective-C.
Stars: ✭ 41 (-68.7%)
Mutual labels:  extension
Vscode Data Preview
Data Preview 🈸 extension for importing 📤 viewing 🔎 slicing 🔪 dicing 🎲 charting 📊 & exporting 📥 large JSON array/config, YAML, Apache Arrow, Avro, Parquet & Excel data files
Stars: ✭ 245 (+87.02%)
Mutual labels:  extension
save-text-to-file-firefox
Firefox addon that saves highlighted text to a file.
Stars: ✭ 87 (-33.59%)
Mutual labels:  extension
Axocover
Nice and free .Net code coverage support for Visual Studio with OpenCover.
Stars: ✭ 237 (+80.92%)
Mutual labels:  extension
Chrome Developer Mode Extension Warning Patcher
⇒ Disable Chrome's Developer Mode Extension Warning Popup & Elision WWW/HTTPS Hiding & Debugging Extension Popup
Stars: ✭ 240 (+83.21%)
Mutual labels:  extension
TwitchPotPlayer
Extensions for PotPlayer to watch Twitch streams without streamlinks or any crap.
Stars: ✭ 159 (+21.37%)
Mutual labels:  extension
Webxr Emulator Extension
WebXR emulator extension
Stars: ✭ 231 (+76.34%)
Mutual labels:  extension
github-toc
📖 Browser extension that adds a table of contents to GitHub repos, wikis and gists.
Stars: ✭ 71 (-45.8%)
Mutual labels:  extension
Miaow
A set of plugins for Sketch include drawing links & marks, UI Kit & Color sync, font & text replacing.
Stars: ✭ 2,536 (+1835.88%)
Mutual labels:  extension
Cpupower
Gnome-Shell Extension for intel-pstate driver
Stars: ✭ 252 (+92.37%)
Mutual labels:  extension
nautilus-pdf-tools
Tools to work with PDF files from Nautilus
Stars: ✭ 16 (-87.79%)
Mutual labels:  extension
new-word-tab
A browser extension to learn a new word per new tab
Stars: ✭ 30 (-77.1%)
Mutual labels:  extension
auto-click-auto-fill
Auto Click Auto Fill on any web page
Stars: ✭ 111 (-15.27%)
Mutual labels:  extension
View All Similar Projects ➔

HackBar

HackBar for Chrome.

Available on Chrome Web Store.

Requested Permissions

  • tabs
  • webRequest
  • webRequestBlocking

Features

  • Supported methods

  • Auto Test

    • Common paths (Wordlist from dirsearch included)

  • SQLi

    • Dump all database names (MySQL, PostgreSQL)
    • Dump tables from database (MySQL, PostgreSQL, SQLite)
    • Dump columns from database (MySQL, PostgreSQL, SQLite)
    • Union select statement (MySQL, PostgreSQL, SQLite)
    • Error-based injection statement (MySQL, PostgreSQL)
    • Dump in one shot payload (MySQL)
    • Dump current query payload (MySQL)
    • Space to Inline comment

  • XSS

    • Vue.js XSS payloads
    • Angular.js XSS payloads for strict CSP
    • Some snippets for CTF
    • Html encode/decode with hex/dec/entity name
    • String.fromCharCode encode/decode

  • LFI

    • PHP wrapper - Base64

  • SSTI

  • Shell

    • Python reverse shell cheatsheet
    • bash reverse shell cheatsheet
    • nc reverse shell cheatsheet
    • php reverse shell/web shell cheatsheet

  • Encoding

    • URL encode/decode
    • Base64 encode/decode
    • Hexadecimal encode/decode
    • Unicode encode/decode
    • Escape ASCII to hex/oct format

  • Hashing

    • MD5
    • SHA1
    • SHA256
    • SHA512

Usage

How to open it?

  1. Open Developer tools (Press F12 or Ctrl + Shift + I)
  2. Switch to HackBar tab
  3. Enjoy it

Shortcuts

Description Default Mac
Load Alt + A Control + A
Split Alt + S Control + S
Execute Alt + X Control + X

Supported enctype

multipart/form-data

After changing enctype field to multipart/form-data, you can put your payload into Body field such as the following:

------WebKitFormBoundarydbJBATDXCC6CL0lZ
Content-Disposition: form-data; name="user"

user
------WebKitFormBoundarydbJBATDXCC6CL0lZ
Content-Disposition: form-data; name="file"; filename="shell.php"
Content-Type: application/x-httpd-php

<?php passthru($_GET['c']); ?>
------WebKitFormBoundarydbJBATDXCC6CL0lZ--

We will consider the first line as boundary, and reconstruct a form element to send your request.

Therefore, sent boundary will not be the same as your typed.

application/json

After changing enctype field to application/json, you can put your payload into Body field such as the following:

{
  "username": "admin",
  "password": "admin"
}

If your payload doesn't contain =:

In order to post JSON data, we will insert a dummy field or object to your JSON such as the following:

{"username":"admin","password":"admin","4dxnzjzd5mi":"="}

For more details, please visit "Posting JSON with an HTML Form".

Third-party Libraries

Contributor

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].