IDOR file downloader using HTTP request files.
Project description
idox - Indirect Data Exploiter
A CLI or embedded tool for easily downloading IDOR'd files from a Burp request.
Example usage
Imagine you have a website that looks like the following:
https://domain.com/images/5/download
https://domain.com/images/6/download
Then you could use the following Burp request, saved as request.txt:
GET /images/$INJECT$/download HTTP/1.1
Host: domain.com
To IDOR all images with the IDs from 0 to 100, like so:
python -m idox --request-file-path request.txt 100
This would create an output directory which stores all the responses from your target site by response content type.
For further usage, see python -m idox --help or the data directory.
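Seen from the server side, the run above shows up as one client requesting /images/<id>/download for a long stretch of consecutive IDs. The following detection sketch is an added example, not part of idox. The log format (combined access log), the sample lines, the function names and the thresholds min_ids and min_run are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches combined-log-format lines for the page's example route /images/<id>/download.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "GET /images/(\d+)/download HTTP/[\d.]+" (\d{3})'
)

def constructed_sample():
    """Constructed log lines: one client walks ids 0..100, another fetches two images."""
    ts = "[01/Jan/2024:10:00:00 +0000]"
    lines = [
        f'203.0.113.7 - - {ts} "GET /images/{i}/download HTTP/1.1" '
        f'{200 if i % 3 == 0 else 404} 512'
        for i in range(101)
    ]
    for i in (5, 6, 5):
        lines.append(f'198.51.100.20 - - {ts} "GET /images/{i}/download HTTP/1.1" 200 512')
    lines.append(f'198.51.100.20 - - {ts} "GET /index.html HTTP/1.1" 200 128')
    return lines

def longest_run(sorted_ids):
    """Length of the longest run of consecutive integers in a sorted list."""
    best = cur = 1 if sorted_ids else 0
    for a, b in zip(sorted_ids, sorted_ids[1:]):
        cur = cur + 1 if b == a + 1 else 1
        best = max(best, cur)
    return best

def find_enumeration(lines, min_ids=20, min_run=10):
    """Flag clients that requested many distinct, mostly consecutive object ids."""
    ids = defaultdict(set)
    served = defaultdict(set)   # ids answered with 200: objects actually handed out
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, obj_id, status = m.group(1), int(m.group(2)), m.group(3)
        ids[client].add(obj_id)
        if status == "200":
            served[client].add(obj_id)
    findings = {}
    for client, seen in ids.items():
        run = longest_run(sorted(seen))
        if len(seen) >= min_ids and run >= min_run:
            findings[client] = {"distinct_ids": len(seen), "longest_run": run,
                                "served_ids": len(served[client])}
    return findings

if __name__ == "__main__":
    for client, info in find_enumeration(constructed_sample()).items():
        print(client, info)
```

A high served_ids count for a flagged client is the part to triage first: it lists objects the server returned, which is where a per-object authorization check on the download route needs reviewing.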
Support
Want real-time help? Join the Discord here.
License
This project is licensed under the MIT license
Funding
Want a feature added quickly? Want me to help build your software using Alaric?
Sponsor me here