This is a Chrome extension similar to Hackbar, but with a different design aimed at flexibility.
Suitable for pentesting websites and API manipulation.
Because this extension doesn't use many Chrome-specific features, you can also try it right in the browser.
- Clone this repo: `git clone https://github.com/willnode/bandit`
- Open the Google Chrome extension page: `chrome://extensions`
- Turn on "developer mode", click "load unpacked extension" and point to the cloned repo
- The extension will appear as the ninja icon 🐱‍👤
- Open as popup or website
- Lots of options for string manipulations
- A dedicated page for testing XHR/web request
More info about features:
Do many string operations, like:
- Encoding and decoding (HTML/JS/Base64/Hex etc.)
- Cryptographic hashing (MD5/SHA1/SHA256 etc.)
- Payloads and injection (XSS/SQLi/Paths etc.)
- Some funny things (reverse/case switches/Punycode etc.)
- Many more or just write the JS operation for whatever you want.
The XHR tool can be used to emulate an HTTP request to any endpoint. The UX is super simple: you just type the HTTP request, like:

```
GET https://api.github.com/users/willnode/repos HTTP/1.1
Accept: Application/JSON
```

Then click SEND AS XHR. Not just GET; POST, OPTIONS, etc. are also supported.
For simplicity, the tool also understands:

```
https://api.github.com
/users
/willnode
/repos
Accept: Application/JSON
```

which is an identical request.
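
Both notations above can be normalised by one small parser. This is an added example, not the extension's own code; the name `parseRequestText` and its rules (a bare URL means GET, non-header lines before the first header extend the URL) are assumptions.

```javascript
// Added example: parser for the two request notations shown above.
// The parsing rules are assumptions, not taken from the extension.
const REQUEST_LINE = /^([A-Z]+)\s+(\S+)(?:\s+HTTP\/\d(?:\.\d)?)?$/;
const HEADER_LINE = /^([!#$%&'*+.^_`|~0-9A-Za-z-]+):\s*(.*)$/;

function parseRequestText(text) {
  const lines = text.replace(/\r\n/g, "\n").split("\n");
  let i = 0;
  while (i < lines.length && lines[i].trim() === "") i++; // skip leading blanks
  if (i === lines.length) throw new Error("empty request");

  let method = "GET";
  let url;
  const first = lines[i++].trim();
  const m = REQUEST_LINE.exec(first);
  if (m) {
    [, method, url] = m; // full form: METHOD URL [HTTP/x.y]
  } else if (/^https?:\/\//i.test(first)) {
    url = first; // shorthand: bare URL, method defaults to GET
  } else {
    throw new Error("first line is neither a request line nor a URL");
  }

  // Shorthand continuation: URL pieces on their own lines,
  // up to the first header line or blank line.
  while (i < lines.length && lines[i].trim() !== "" &&
         !HEADER_LINE.test(lines[i].trim())) {
    url += lines[i++].trim();
  }

  const headers = {};
  for (; i < lines.length && lines[i].trim() !== ""; i++) {
    const h = HEADER_LINE.exec(lines[i].trim());
    if (!h) throw new Error(`malformed header on line ${i + 1}`);
    headers[h[1].toLowerCase()] = h[2]; // header names are case-insensitive
  }

  // Everything after the blank line is the body, passed through untouched.
  const body = lines.slice(i + 1).join("\n");
  new URL(url); // throws if the assembled URL is not a valid absolute URL
  return { method, url, headers, body };
}
```
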
To bypass browser restrictions (e.g. CORS and Cache Control), you need to run a proxy dedicated to this tool.
After the server is running, you can request:

```
GET https://google.com/ HTTP/1.1
Accept: Application/JSON
User-Agent: Googlebot
Cookie: just=acookie
```

And it'll send the request as is while returning the whole body + unsanitized HTTP headers. No kidding.