Direct Object Reference Exploitation

This is a tool used to exploit IDOR vulnerability in an automated manner (This is just a PoC, this tool might be ported to any other language). Now, what do I mean by automated? It can exploit IDOR vuln. like a boss! Eventhough there are a few limitations with this too.

• This section will have an update soon, but anyways this tool requires you to understand python so you can actually start using it right away with the help of script.py and Doc-strings.

• Uses TOR by default. (local socks5 proxy as a Tor gateway)
• Has got a really useful function (get_max_id) which basically can obtain max ID from the endpoint. (last/final numerical id)
• A cool UI and animations during the exploitation duration. Just try using it!
• Doc-strings to understand what what does the function actually does.
• Can be used to do perform other web explaitation tasks over Tor network, all thanks to awesome functions like request, match. These functions might look normal, but these are really powerful stuff.

• Currently supports numeric field (animations, and get_max_id)
• Needs refactoring since it does not follow a few good practices.

• Adding binary search method for the function get_max_id

Note: A few functions might not work with OSX directly, working on get_max_id and then will start to work to port the code to be usable with OSX.

Will write this soon, but you may try to check by reading script.py out. And, peeking at the docstrings.