Bandit v0.4.0 🐱👤
This is a chrome extension similar to Hackbar, but with different design aimed for flexibility.
Suitable for Pentesting website and API manipulations.
Because this extension don't much using Chrome-specific features, you can also
- Clone this repo
git clone https://github.com/willnode/bandit
- Open Google Chrome extension page
- Turn on
developer mode, click
load unpacked extensionand point to the cloned repo
- Extension will appear as the ninja icon 🐱👤
- Open as popup or website
- Lots of options for string manipulations
- A dedicated page for testing XHR/web request
More info about features:
Do many string operations, like:
- Encode and decoding (HTML/JS/Base64/Hex etc.)
- Cryptograhy encoding (MD5/SHA1/SHA256 etc.)
- Payloads and injection (XSS/SQLi/Paths etc.)
- Some funny things (reverse/case switches/punny code etc.)
- Many more or just write the JS operation for whatever you want.
The XHR tool can be used to emulate HTTP Request to any endpoint. The UX is super simple, you just have to type the HTTP request like:
GET https://api.github.com/users/willnode/repos HTTP/1.1 Accept: Application/JSON
SEND AS XHR. Not just GET, but also support POST, OPTIONS, etc.
For simplicity, the tool also understands:
https://api.github.com /users /willnode /repos Accept: Application/JSON
which is an identical request.
To bypass browser restriction (e.g. CORS and Cache Control), you need to run a proxy that dedicated for this tool
After the server run, you can request:
GET https://google.com/ HTTP/1.1 Accept: Application/JSON User-Agent: Googlebot Cookie: just=acookie
And it'll request as is while returting the whole body + unsanitized HTTP Header. No kidding.