Burpsuite plugin for Interact.sh

Overview

Interactsh Collaborator

This is a Burpsuite plugin for Interact.sh

This plugin implements the client-side logic from interactsh-client. It lets you generate new domains for out-of-band (OOB) testing. If you host your own Interactsh server, you can configure it in the Configuration tab.

This extension works in addition to Burpsuite's Collaborator service.

All results are logged in the Interactsh Logs tab once the extension is loaded. Verbose details will be displayed in the bottom window once an OOB interaction is logged and selected.

Build

  1. mvn package
  2. Add the target/collaborator-1.x.x-dev-jar-with-dependencies.jar file as a new Java extension in Burpsuite

Alternatively, you can download the precompiled library from the latest release.

Usage

After the extension is installed you should be able to see the Interactsh tab. Navigate to the tab and click the button labeled Generate Interactsh Url.

This button will copy the generated domain name to your clipboard. The domain name will also be logged to the extension output.

You can then use this domain name in any OOB testing. To generate a sample event you can visit that domain in a new browser tab.

After a few seconds, the table should populate with details about the type of OOB interaction that occurred.

Try adjusting the poll time to a shorter value when you expect active results.

Issues
  • Missing interactions for self hosted server

    • Load latest jar file in burp
    • Update with self-hosted server under config
    • Click on Update settings
    • Generate new payload
    • Visit the URL, notice interactions are not updated.
    opened by ehsandeep 6
  • [Request] Custom Configuration

    As a user of interactsh-collaborator I should be able to supply a custom Interact.sh server without recompiling the entire application.

    These settings should be persisted when closing and opening Burpsuite.

    opened by wdahlenburg 1
  • [Request] SMTP Support

    SMTP was left out of v1.0.0, but should be supported to allow details to be read about these types of interactions.

    opened by wdahlenburg 1
  • Add Configuration Pane

    This PR adds the configuration pane.

    A SpringLayout was used within a FlowLayout pane to create the nice form.

    The update button will save the settings so that they persist when burpsuite is closed and reloaded.

    The settings are referenced when a client is created.

    opened by wdahlenburg 0
  • [Request] Smart Polling

    When the poll count changes each thread should respond within a few seconds to determine if the current time slept is greater than the new poll time. If so, then stop sleeping and poll.

    This issue arises from the fact that TimeUnit.SECONDS.sleep(burp.BurpExtender.pollTime); is called. Instead I should sleep for a second at a time and add to a sleep counter. This allows each thread to not be stuck sleeping until the old poll duration is complete.

    opened by wdahlenburg 0
  • [Request] ID's to interactions

    Addition of the ID column will be useful, similar to the burp history view that allows users to sort the table in ascending and descending order.

    opened by ehsandeep 0
  • [Request] Clear Logs

    Adding a feature request to add the ability to clear all logs from the table

    opened by wdahlenburg 2
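
The one-second tick loop described in the Smart Polling request above, as an added example (not the extension's own code). `SmartPoller`, its `pollTime` field and the `poll()` placeholder are hypothetical names standing in for the extension's polling thread and `burp.BurpExtender.pollTime`.

```java
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong;

public class SmartPoller implements Runnable {
    // Hypothetical stand-in for burp.BurpExtender.pollTime (seconds); the UI thread updates it.
    static final AtomicLong pollTime = new AtomicLong(60);
    final AtomicInteger polls = new AtomicInteger();
    private volatile boolean running = true;

    // Placeholder for the real poll request to the Interactsh server.
    void poll() {
        System.out.println("poll #" + polls.incrementAndGet());
    }

    public void stop() { running = false; }

    @Override
    public void run() {
        try {
            while (running) {
                poll();
                long slept = 0;
                // Sleep one second at a time and re-read pollTime on every tick,
                // so a shorter interval takes effect within about a second
                // instead of after the old poll duration has run out.
                while (running && slept < pollTime.get()) {
                    TimeUnit.SECONDS.sleep(1);
                    slept++;
                }
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt(); // thread interrupted (e.g. on unload): exit
        }
    }

    public static void main(String[] args) throws InterruptedException {
        SmartPoller poller = new SmartPoller();
        Thread t = new Thread(poller, "interactsh-poller");
        t.start();
        TimeUnit.SECONDS.sleep(3);  // the poller is in the middle of a 60 s wait
        pollTime.set(2);            // the user shortens the poll time
        TimeUnit.SECONDS.sleep(3);  // time already slept exceeds 2 s, so it polls again
        poller.stop();
        t.join();
        System.out.println("polls made: " + poller.polls.get());
    }
}
```

A single `TimeUnit.SECONDS.sleep(pollTime)` call would keep the thread asleep for the full 60 seconds in this run, which is the behaviour the request describes.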
Releases(v1.0.1)
Owner
Wyatt Dahlenburg
Security Researcher and Developer