IDOR file downloader using HTTP request files.
Project description
idox - Indirect Data Exploiter
A CLI or embedded tool for easily downloading IDOR'd files from a burp request.
Example usage
Imagine you have a website that looks like the following:
https://domain.com/images/5/download
https://domain.com/images/6/download
Then you could use the following burp request:
request.txt
GET /images/$INJECT$/download HTTP/1.1
Host: domain.com
To IDOR all images with the id's from 0
to 100
like so
python -m idox --request-file-path request.txt 100
This would create an output
directory which stores all the responses from your target site by response content type.
For further usage, see python -m idox --help
or the data
directory.
Support
Want realtime help? Join the discord here.
License
This project is licensed under the MIT license
Funding
Want a feature added quickly? Want me to help build your software using Alaric?
Sponsor me here
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.