First of all, get Robert @RSnake Hansen’s RFI list here:
http://ha.ckers.org/blog/20100129/large-list-of-rfis-1000/
it’s a great list, but as soon as I saw it, I was like.. hmm.. how can I use that? Well, being that I am a Burp fan, I parsed the .dat with the following line:
cat rfi-locations.dat | grep -v "^#" | awk -F '?' '{print $1}' | sort -u > rsnake_list.txt This pulls his list down to 906 entries which you can load in to Burp and hammer away with Intruder.![]()
![]()
![]()
![]()
![]()
↧