knife v1.8 releases: burp extension that add some useful function to Context Menu

Knife

A burp extension that adds some small function[ one key to update a cookie, one key add host to scope] to right-click context menu.

Functions

Menus (simple is beautiful, some menu deleted)

1. update cookieupdate current request cookie which in repeater within the latest cookie fetched from proxy history.
2. add a host to scopeadd current request host to burp scope, not URL.
3. update header

update Header that likes token, authorization.

4. open with browser

open URL of current request or selected URL with the browser you configured.

5. hackbar++insert payload of Hackbar or self-configured to the current request
6. Set-Cookie scenes: when you visit a website with IP address, It may not contains a cookie, but you know it should contain the same cookie with some site. you can use this function in Proxy. It will edit the response to set the same cookie to let whole web site use the specified cookie.
7. DismissDismiss useless requests (eg. *.firefox.com *.mozilla.com) from the proxy. see below screenshot to know more.
8. Run SQLMapOne key to run sqlmap with a currently selected request.

Tab

1. U2Cconvert Unicode To Chinese (eg.  \u4e2d\u6587–>中文)

request edit

1. auto remove some headers, eg. Last-Modified, If-Modified-Since, If-None-Match. it’s for all requests
2. auto add/update/append some headers, you can control which requests to enable for.
3. use proxy
4. chunked encoding

Changelog v1.8

•  Use analog input (Robot) to realize the input of external commands such as SQLMap to support the history of the command line and facilitate the editing of commands by yourself (windows \ kali \ ubuntu test passed, MAC failed).
• Support to display all knife menus in the second-level menu, to reduce the occupation of the burp right-click menu, which can be configured through the Put_MenuItems_In_One_Menu parameter
• The optimization of json parameter traversal logic enables the function of Insert XSS to better support JSON parameters.
• The logic judgment and optimization of the input value in the updateCookie function.
• The logic optimization of setcookie avoids rehook operation to fix the problem that a request appears twice in logger ++.
• U2C logic optimization to fix the bug that the tab disappears.
• OpenwithBrower logic optimization, try to avoid the inaccuracy of getSelectionBounds caused by Chinese and optimize the url stitching logic.
• Adjust the order of the menus and move the menus with high personal use frequency forward.
• The processing method of the dismiss function is changed to “do not intercept”, and the previous direct drop method is abandoned

Download

Copyright (C) 2019 bit4woo