Sunday, January 3, 2010

DirChex_v1.2 Released (New Functionality)

The new version of DirChex is ready and available for download Download Here.

So @k3r0s1n3 is on the hook for creating the visual layout of a BT4 specific version ;-) BUT we do have a the exe version and source available for v1.2. In the meantime, the BT4 specific version of 1.1 will remain up on the downloads page. Also, I'd love to hear from someone with a mac/OSX and see how it goes running DirChex on this platform.

Moving along..... DirChex now has two tabs. A 'GET' and a 'PUT' tab.

We've already pointed at how the GET tab works in previous posts. For the 'PUT' tab things get a bit different. For one, the HTTP method is obviously PUT vice GET.  Secondly, you have more options. Thirdly, the file you upload must have the list of URLs in the proper format otherwise the reason for using it is negated.




A file containing correctly formatted URLs

Now for the options

The first options are obvious and the same as the GET tab. You need to choose an input file like the one above. Then select either the default proxy ip/port options or enter your own. The next couple of options require a bit of explanation.

OPTION: Name of the file to PUT

If I want to create a test.txt file on the remote application I would enter test.txt in this field.

OPTION: Text within the field

This is where you would enter the text you would like place in the test.txt file. I've entered "This is my example text"

OPTION: Choose content-type / MIME Property

Here you would want to select the various available content-types (MIME Media). If you are unsure just choose the first available choice 'application/x-www-form-urlencoded'.

OPTION: Choose your user-agent

This one is self explanatory.

When all options are correctly filled in it should look like this:

This is what the request would look like in raw form (using Burp Suite)

If you have any questions/comments let us know, suggestions are welcome!

Lastly, we are aware that the program freezes up until all requests are completed. Apologies, we are working on this. For now, some functionality was added and I hope you find it useful.

Happy Hacking!

~cktricky & k3r0s1n3

No comments: