Releases: netsquare/BrowserBruter
V2025.1 Browser Storage Update
Browser Bruter V2025.1 🎉 The Manipulation of Browser Storage
Happy New Year! We're excited to unveil V2025.1, a milestone update for Browser Bruter with a special focus on browser storage manipulation and testing. This release brings powerful new tools to control and safeguard browser storage, empowering you to test web applications like never before.
Highlight: Browser Storage Capabilities
This update introduces advanced browser storage manipulation features, giving you granular control over local and session storage during fuzzing and testing workflows.
New Switches
- --add-storage key:value++key2:value2
Seamlessly add local storage items to the browser in a key-value pair format. Use ++ to chain multiple pairs in a single command.
- --add-session-storage key:value++key2:value2
Easily inject session storage key-value pairs for testing transient data and session-specific behaviors.
- --force-storage
Lock down your local storage data! This switch ensures the values you set with --add-storage cannot be overridden by the web application.
- --force-session-storage
Gain full control over session storage with this switch, preventing applications from altering your injected session storage data.
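How a switch value such as key:value++key2:value2 could be parsed, and how a "force" mode could keep the application from overriding the seeded values, shown as an added example that is not Browser Bruter's own code. MemoryStorage, parsePairs, seedStorage and demo are hypothetical names, and splitting each pair on its first colon is an assumption.

```javascript
// Added illustration; not Browser Bruter source code.
// MemoryStorage is a constructed stand-in for window.localStorage so this runs under Node.
class MemoryStorage {
  constructor() { this.data = new Map(); }
  getItem(k) { return this.data.has(k) ? this.data.get(k) : null; }
  setItem(k, v) { this.data.set(String(k), String(v)); }
  removeItem(k) { this.data.delete(k); }
  clear() { this.data.clear(); }
}

// Parse "key:value++key2:value2". Assumption: only the first ':' separates
// key from value, so values such as URLs keep their own colons.
function parsePairs(spec) {
  const pairs = new Map();
  for (const item of spec.split('++')) {
    const i = item.indexOf(':');
    if (i <= 0) throw new Error(`malformed pair: "${item}"`);
    pairs.set(item.slice(0, i), item.slice(i + 1));
  }
  return pairs;
}

// Seed the storage; when force is true, later writes to seeded keys become no-ops.
function seedStorage(storage, spec, force = false) {
  const pinned = parsePairs(spec);
  for (const [k, v] of pinned) storage.setItem(k, v);
  if (!force) return storage;
  const { setItem, removeItem } = storage; // original prototype methods
  storage.setItem = (k, v) => { if (!pinned.has(String(k))) setItem.call(storage, k, v); };
  storage.removeItem = (k) => { if (!pinned.has(String(k))) removeItem.call(storage, k); };
  storage.clear = () => {
    for (const k of [...storage.data.keys()]) if (!pinned.has(k)) storage.data.delete(k);
  };
  return storage;
}

// Constructed sample: the "application" tries to overwrite and remove seeded values.
function demo(force) {
  const s = seedStorage(new MemoryStorage(), 'theme:dark++api:https://example.test/v1', force);
  s.setItem('theme', 'light'); // application overwrites a seeded key
  s.setItem('visits', '3');    // unrelated key, always allowed
  s.removeItem('api');         // application removes a seeded key
  return { theme: s.getItem('theme'), api: s.getItem('api'), visits: s.getItem('visits') };
}
```

In a real browser, property-style writes such as `localStorage.theme = 'light'` do not call setItem, so a wrapper of this kind would not see them.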
v2024.12
Bug Fix:
- Added support for Python 3.12
- Fixed modules missing from the requirements.txt file
New Feature:
- Added '--no-reload-page' switch to prevent Browser Bruter from navigating back to "--target" URL after each fuzzing iteration.
v2024.10.17 HACKTOBER UPDATE
Hacktober is here, and so is a new update!
In the spirit of Hacktober, we are excited to announce a brand-new update for Browser Bruter! After extensive testing, we've squashed numerous bugs and added exciting new features to make Browser Bruter better than ever.
Bug Fixes:
- Docker Console Output: Previously, the Docker container would fail to display output after running the script once, forcing users to restart the container. This issue has been resolved, and now the console output functions as expected.
- --fill-values Option: This option wasn't working in earlier versions, but it's now fixed.
- Battering Ram Attack Mode: The report previously displayed only a single element being fuzzed, but now all elements are shown correctly.
- Report Explorer URL Display: In the Request tab, the entire URL (including the domain) was being displayed. Now, only the path after the method name is shown for clarity.
- Argument Validation: If users supplied --elements and --element-payloads (or --payloads and --element-payloads) together, they used to encounter a stack trace. Now, a clear help message is displayed instead.
- Attack Mode Option Check: Previously, selecting attack modes 1 or 2 without using the --elements and --payloads options caused crashes. Similarly, modes 3 or 4 required --elements-payloads but did not enforce the check. These validations are now in place, making error messages user-friendly and avoiding crashes.
New Features:
- Advanced Search in Report Explorer: The new search functionality enhances your ability to explore reports efficiently. Check it out here: Report Explorer Advanced Search
- UI Tweaks: We've added scroll bars in the Request/Response tabs, and attack mode names are now visible in the GUI.
- Enhanced Error Handling: Instead of crashing when a server is slow or an element/browser isn’t found, Browser Bruter now prompts you to retry the attack, preventing unwanted interruptions.
- Improved Code Quality: The tee class has been removed, leading to cleaner and more efficient code.
- Pause Menu Enhancements: You can now toggle verbosity on or off through the pause menu, even if you didn’t use the --verbose switch. More info: Pause & Resume Attacks
New Options:
- --chrome-driver and --chrome-binary: These options allow users to provide their own Chrome browser binary and driver. Learn more: New Browser Options
- --pause-on-popup: This option pauses Browser Bruter when a popup occurs on the webpage, giving you time to manually handle the popup and analyze attacks like cross-site scripting in real-time. Details here: Handling Popups
v2024.10 ReportExplorer Special
Special update focusing on ReportExplorer
Change Note:
- Added option to change font size
- Added option to view raw HTTP request and response in Base64 format
- Data now loads faster and overall speed of Report Explorer is increased
- BUG FIX: Previously, while using arrow keys, the data displayed in the HTTP request/response section was mismatched with the selected row. This has been fixed in the new update
v2024.9
Major update bundled with most awaited features.
Change Note:
- Enhanced and more Advanced Python Scripting Engine 2
- Brand new Automatic Navigation Handler
- Docker Support Added
- Graphical User Interface Support
- Bug Fixes
v2024.5.1
Change Log - 2024.5.1
- Bug Fix: Tool was not able to decompress gzip compressed traffic.
V2024.5
Change Logs - 2024.5
- Added support for handling zstd, br, deflate HTTP response encodings.
- Fixed banner issue (a few characters of the banner were out of place).
- Converted HTTP response body into string after decompressing it so we can replace its content (Need To Test)
- Added support for selecting elements by CSS SELECTOR.
- Added Python Scripting Engine 1.0
V2024.4
Official initial public release of BrowserBruter.