hoodoer closed 4 months ago
When you add the custom js payload function, it is very easy to use. I often use it during red team penetration testing. Thank you for writing such a good tool, my friend, but I have some suggestions. If it is convenient for you, can you write a function to send logs to email or Telegram channels after receiving cookies and other information?
Thanks! I'm still planning on working on your enumeration suggestion, I have a ticket for it. Just been swamped with the auto payload generator, please give that a try sometime and let me know if you have issues.
I like the idea of email based notification, that shouldn't be too hard to pull off.
Besides configuring the tool to send emails, maybe a feature where you select which events you want to be notified for? Or a rollup of different events, if there have been new ones, over the past 24 hours?
Are you looking for immediate notifications, or occasional updates?
If you have any questions about enumeration, you can contact me in time, I will be very happy to communicate with you. In addition to sending emails, Telegram bot notifications.
"You can choose which events to be notified", I think "generate new events" is more valuable at this point in time, because when the red team simulated attack and defense, we determined that we would do some operations through js. At this time, timeliness is very important.
I'll see if I can add email notifications soon, I don't know anything about Telegram though. I'll have to dig into that a bit.
@Burpbounty I just merged an SMTP email notification feature into main. Hopefully no bugs in here, I haven't seen any. You can get emails on new clients, or new clients and client events. There's a delay setting between emails so you don't get spammed to death. Hopefully that helps a bit. Let me know if you have any issues with it, all the SMTP settings are in "App Settings" in the app.
@Burpbounty I have yet to see any local IP enumeration features work on any modern browser, I'm afraid this technique is no longer feasible. I have added the optional client fingerprinting in version 2.14. You need to enable it in the js-tap client, and also turn it on in the js-tap portal in app settings to show it.
The client search filter references the fingerprint value, so you can copy and paste it into the filter to show all clients with the same fingerprint. Hope that helps.
But some other code, I can show you are.
Sometimes, navigator.plugins can get client installed software (depending on browsers). Anyway, this is a good project. Adding custom JavaScript functionality and passing information to JavaScript is a better extension that will make your project more popular.
Originally posted by @Burpbounty in https://github.com/hoodoer/JS-Tap/issues/4#issuecomment-1956609973