This is a Burp Suite extension designed to test different content types in HTTP requests. It allows users to test all possibilities of Content-Types (e.g., urlencoded, JSON, XML) and observe the responses in a user-friendly interface.
- There are many times when we're trying to find CSRF, IDOR, ATO, and other types of vulnerabilities that involve certain restrictions. One common technique is changing the Content-Type header, but doing it manually isn't fun and can be exhausting. With this extension, all the checks happen with a single click.
- Send HTTP requests with different content types.
- View request and response details in a split-pane interface.
- Delete entries using the delete key.
- Support for multiple test cases, including combinations of header and body formats.
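
The header and body combinations for one form body, together with the check a strict JSON-only endpoint would apply to each. This is an added example, not the extension's own code; the function names, the `root` element name and the sample body are assumptions.

```python
import json
from urllib.parse import parse_qsl, urlencode
from xml.etree import ElementTree as ET

CONTENT_TYPES = {
    "urlencoded": "application/x-www-form-urlencoded",
    "json": "application/json",
    "xml": "application/xml",
}

def render_bodies(urlencoded_body):
    """Re-encode one form body in each of the three formats."""
    params = parse_qsl(urlencoded_body, keep_blank_values=True)
    root = ET.Element("root")  # wrapper element name is an assumption
    for key, value in params:
        ET.SubElement(root, key).text = value
    return {
        "urlencoded": urlencode(params),
        "json": json.dumps(dict(params)),
        "xml": ET.tostring(root, encoding="unicode"),
    }

def build_variants(urlencoded_body):
    """Every header/body combination, matched and mismatched."""
    bodies = render_bodies(urlencoded_body)
    return [
        {"header": CONTENT_TYPES[h], "body_format": b, "body": bodies[b],
         "mismatch": h != b}
        for h in CONTENT_TYPES for b in bodies
    ]

def json_only_endpoint_accepts(variant):
    """Server-side view: declared type must be JSON and the body must parse as JSON."""
    if variant["header"] != CONTENT_TYPES["json"]:
        return False
    try:
        json.loads(variant["body"])
    except ValueError:
        return False
    return True

if __name__ == "__main__":
    sample = "email=user%40example.test&role=member"  # constructed sample body
    for v in build_variants(sample):
        verdict = "accepted" if json_only_endpoint_accepts(v) else "rejected"
        print(v["header"], "|", v["body_format"], "|", verdict)
```

An endpoint that validates both the declared type and the body accepts only one of the nine variants; any other variant that draws a success response in the extension's result view is worth a closer look.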
Prerequisites:
- Burp Suite Professional or Community Edition.
- Jython standalone JAR file (for running Python extensions in Burp Suite).
- Installation guide LINK
Steps:
- Download the extension code.
- Open Burp Suite and go to the "Extensions" tab.
- Click on "Add" in the "installed" section.
- Browse to the location of TypeXplorer.py and select it.
- Click "Next" and then "Close" to load the extension.
Deleting Entries:
- Select an endpoint in the list.
- Press the delete key to remove it from the list.
Sending Requests:
- Right-click on a request in Burp Suite (e.g., in the Proxy or Repeater tab).
- Select "Send to TypeXplorer" from the context menu.
- The request will be added to the extension's endpoint list.
- Check the tests you want to run and click "test selected".
- After the test is done, you can see this label and check the result.
You can see a list of some write-ups and research related to this topic:
Contributions are welcome! Please follow these steps:
- Fork the repository.
- Create a new branch for your feature or bug fix.
- Make your changes and commit them with descriptive messages.
- Push your branch to your fork.
- Open a pull request to the main repository.