Sheet Intruder is a Burp Suite extension designed to simplify fuzzing of Excel file uploads. It represents the content of an Excel file as a tag, which can then be integrated into various locations. The tag can be configured, for example with replacements that act as fuzzing targets.
Features:
- Seamless Integration: Sheet Intruder seamlessly integrates into Burp Suite's Intruder, Scanner, and Repeater tools, allowing for efficient and comprehensive Excel file manipulation during different stages of testing.
- Both .xls and .xlsx file formats are supported.
- Value Replacement Mode: Use the "<$SheetIntruder>" tag to define value replacements within the Excel file. This mode allows you to search for specific values within cells and replace them with desired substitutions.
- Cell Replacement Mode: Use the "<$SheetIntruderCell>" tag to perform cell-based replacements. You can replace cells either by referencing their cell number (e.g., "A1", "B1") or by specifying cell ranges (e.g., "A1:B12", "CustomSheet! A1:D5").
Workflow:
- Choose your Excel file (.xls and .xlsx supported)
- The selected file is loaded into the extension
- In Repeater, Proxy, Scanner or Intruder, you can now include the tags
- Before the request is sent, the provided Excel file is read and the requested modifications are made