/magic_params

A simple helper for generating sets of potential hidden variables used in broken authentication/authorisation and latent verbosity/debug modes in a Burp Intruder-friendly fashion.

Primary language: PHP

Variable names for both sets are generated based on dedicated wordlists.

AUTH VARIABLES

Basic auth variable names simply come from one wordlist (list_auth.txt). Sample authentication words (and variables): auth, login, authenticated, admin, valid_user, valid-user (full list in list_auth.txt).

DEBUG VARIABLES

Basic verbosity management variable names come from a combination of two base wordlists: verbs (list-debug-verbs.txt) and nouns (list-debug.txt). Example verbs: show, display, view. Example nouns: error, errors, debug.

In addition to verb+noun, the following mutations are generated:

- verb
- noun
- verb+ucfirst(noun)
- verb+'_'+noun
- verb+'-'+noun

Sample debug variables: show, view, debug, error, showErrors, show_error, show-debug.

POSITIVE VALUES

Positive values are a small list of strings that are most likely to be interpreted as representing a positive condition in a boolean parameter. At the moment these are: 1, true, TRUE, yes, YES, Y, y.

OUTPUT

The final output of this tool consists of two series (one for the cookie format and another for the query string format) of variable=value sets. The number of sets in each series equals the number of positive values in the generator's configuration (so in this case we get two series, each containing seven payloads).

By default, the results are saved in the local directory in output_cookies.txt and output_query.txt, respectively.

An example run:

ewilded $ php generate_magic_params.php
ewilded $ head -n 2 output_*

Payloads can be used with Intruder, Burp's Cookie Jar along with Target->Compare site maps or even Proxy Match->Replace rules in order to reveal hidden application behaviours.
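
Seen from the defending side, the mutation rules and positive values described above form a fixed vocabulary that can be matched in request logs. The following is an added example, not code from this repository: it rebuilds the debug names from a constructed subset of the word lists and flags requests that send several of them with a positive value in the query string or Cookie header. The function names, the threshold and the sample requests are assumptions.

```python
from urllib.parse import parse_qsl, urlsplit

# Added example: names, threshold and sample data are assumptions, not the tool's code.
# Constructed subsets of the word lists quoted on this page.
AUTH = ["auth", "login", "authenticated", "admin", "valid_user", "valid-user"]
VERBS = ["show", "display", "view"]
NOUNS = ["error", "errors", "debug"]
POSITIVE = {"1", "true", "TRUE", "yes", "YES", "Y", "y"}


def debug_names(verbs, nouns):
    """Bare verbs and nouns plus the verb/noun mutations the page lists."""
    names = set(verbs) | set(nouns)
    for v in verbs:
        for n in nouns:
            names |= {v + n, v + n[:1].upper() + n[1:], f"{v}_{n}", f"{v}-{n}"}
    return names


MAGIC = set(AUTH) | debug_names(VERBS, NOUNS)


def magic_hits(url, cookie_header=""):
    """Return magic names sent with a positive value in the query or cookies."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name, value))
    return sorted({n for n, v in pairs if n in MAGIC and v in POSITIVE})


def flag_sweeps(requests, threshold=3):
    """Flag requests carrying at least `threshold` distinct magic names."""
    scored = ((url.split("?")[0], magic_hits(url, cookie)) for url, cookie in requests)
    return [(path, hits) for path, hits in scored if len(hits) >= threshold]


# Constructed sample requests: (request URL, Cookie header).
SAMPLE = [
    ("/search?q=shoes&view=1", "session=abc123"),
    ("/account?auth=true&login=true&admin=true&showErrors=true", ""),
    ("/account", "show_debug=yes; show-debug=yes; viewErrors=yes; debug=yes"),
]

if __name__ == "__main__":
    for path, hits in flag_sweeps(SAMPLE):
        print(path, hits)
```

A single match such as view=1 is common in legitimate traffic, which is why the check counts distinct names per request instead of alerting on any one of them.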