Report Generation Options

The Report Generation related options are the options which (as name suggests) affects the final report generation.

There are following options in this category -

Report Generation:
  --rows-limit 200      Specify the number of rows to be included in single file, if not specified, a single report will be generated, if specified, multiple reports with specified rows amount will be generated, useful when test consists of thousands of payloads.
  --scope api1.example.com,bak.example.com
                        Comma separated list of hostnames in scope
  --inscope-urls /path/to/file OR "https://api1.example.com/v2/getData","https://bak.example.com/v2/signin"
                        Comma-separated list of urls or file containing urls in-scope
  --outofscope-urls /path/to/file OR "http://10.13.37.3:8080/webgoat/service/hint.mvc","http://10.13.37.3:8080/webgoat/service/solution.mvc"
                        Comma separated list of urls or file containing urls which are to be excluded from final report

Splitting the final report using `--rows-limit` option

For any requirement(like file is too large), if you want to limit the number of rows in final report, you can do it by specifying the limit of rows in single report using --rows-limit. This will split the final report into multiple smaller reports each with specified number rows. The reports will be generated sequentially and no data will be lost.

For example, here We are splitting the report into chunks of 300 rows.

python3 BrowserBruter.py --buttons-to-press-before-fuzz button1 --elements brandName,brandStatus --payloads fuzz.txt --target http://localhost/brand.php --cookie PHPSESSID:ujmrvhk6esu84l8r2i2h2ee7f2 --attack 1 --button createBrandBtn --fill brandName,brandStatus --rows-limit 300

So final result will be as follows -

Here, numbered reports are smaller reports of main report. These reports then can easily viewed in The Report Explorer.

Note: If you forgot to reduce the report size using above method, you can still split it using The Report Explorer utility. Learn more about it here.

Extending the scope using `--scope` option

By default, The BrowserBruter will not include HTTP traffic sent to hosts other than target host. But due to rise of usage of APIs, it is highly possible that the host for APIs is different than target host.

For example, our target is --target https://net-square.com/login but it sends the traffic to https://api.net-square.com/auth to check for valid authentication. In such case we can extend our scope to include api.net-square.com too using --scope api.net-square.com

python3 --elements uid,pass --payloads sqli.txt --attack 1 --button login --target https://net-square.com/login --scope api.net-square.com

Including and Excluding HTTP traffic using `--inscope-urls` and `--outofscope-urls` options

As name suggests, this option will let you specify the url to include in the final report, all requests to other urls will be discarded.

By default, The BrowserBruter includes HTTP Traffic for all URLs (except for static files like .css, .js, .png, .woff, etc. See full list of static media here) that are triggered after a fuzz attempt so no traffic is missed. This doesn't means that traffic generated after submission of form is always useful.

For example, after fuzzing the Add Brand functionality of our stock management system using following -

python3 BrowserBruter.py --buttons-to-press-before-fuzz button1 --elements brandName,brandStatus --payloads fuzz.txt --target http://localhost/brand.php --cookie PHPSESSID:ujmrvhk6esu84l8r2i2h2ee7f2 --attack 1 --button createBrandBtn --fill brandName,brandStatus --threads 20 --no-css --headless

The final report contains traffic for URLs like http://localhost/php_action/fetchBrand.php,http://localhost/brand.php, etc.

But the one that really matters for this particular scenario is http://localhost/php_action/createBrand.php

So we can tell The BrowserBruter to include only this URL in final report using following `--inscope-urls "http://localhost/php_action/createBrand.php"

python3 BrowserBruter.py --buttons-to-press-before-fuzz button1 --elements brandName,brandStatus --payloads fuzz.txt --target http://localhost/brand.php --cookie PHPSESSID:ujmrvhk6esu84l8r2i2h2ee7f2 --attack 1 --button createBrandBtn --fill brandName,brandStatus --threads 20 --no-css --headless --inscope-urls "http://localhost/php_action/createBrand.php"

The --inscope-urls option can take comma separated list of urls like following

--inscope-urls "http://localhost/php_action/createBrand.php","http://localhost/brand.php"

Or can take file containing list of url to include in final report like following

> cat urls.txt
http://localhost/php_action/createBrand.php
http://localhost/brand.php

python3 BrowserBruter.py --buttons-to-press-before-fuzz button1 --elements brandName,brandStatus --payloads fuzz.txt --target http://localhost/brand.php --cookie PHPSESSID:ujmrvhk6esu84l8r2i2h2ee7f2 --attack 1 --button createBrandBtn --fill brandName,brandStatus --threads 20 --no-css --headless --inscope-urls urls.txt

Note: You can still filter the final report data based on urls in The Report Explorer tool if you don't want or forgot to use this option. See here

The --outofscope-urls option is exact opposite of the --inscope-urls option where instead of including HTTP traffic, it excludes specified HTTP URLs from final report.

This is useful when there is one or two particular URLs that you want to exclude from final report and include all others.

The syntax for taking values for --outofscope-urls options is same as --inscope-urls option.

python3 BrowserBruter.py --buttons-to-press-before-fuzz button1 --elements brandName,brandStatus --payloads fuzz.txt --target http://localhost/brand.php --cookie PHPSESSID:ujmrvhk6esu84l8r2i2h2ee7f2 --attack 1 --button createBrandBtn --fill brandName,brandStatus --threads 20 --no-css --headless --outofscope-urls "http://localhost/brand.php"

> cat urls.txt
http://localhost/php_action/fetchBrand.php
http://localhost/brand.php

python3 BrowserBruter.py --buttons-to-press-before-fuzz button1 --elements brandName,brandStatus --payloads fuzz.txt --target http://localhost/brand.php --cookie PHPSESSID:ujmrvhk6esu84l8r2i2h2ee7f2 --attack 1 --button createBrandBtn --fill brandName,brandStatus --threads 20 --no-css --headless --outofscope-urls urls.txt

Note: You can still filter the final report data based on urls in The Report Explorer tool if you don't want or forgot to use this option. See here

Hope on to the next section to learn about in-built usage manual of The BrowserBruter.

Report Generation Options

Report Generation Options

Splitting the final report using `--rows-limit` option

Extending the scope using `--scope` option

Including and Excluding HTTP traffic using `--inscope-urls` and `--outofscope-urls` options

results matching ""

No results matching ""

Report Generation Options

Splitting the final report using --rows-limit option

Extending the scope using --scope option

Including and Excluding HTTP traffic using --inscope-urls and --outofscope-urls options

results matching ""

No results matching ""

Splitting the final report using `--rows-limit` option

Extending the scope using `--scope` option

Including and Excluding HTTP traffic using `--inscope-urls` and `--outofscope-urls` options