I’m excited to announce another addition to the Burp Co2 extension bundle in v0.5 of Burp Co2 (download): The “Name Mangler”.
Ever found yourself working on a web pen test for an organization where you have gathered a list of users and suspect a username harvesting vulnerability but have not yet worked out the username format for a login form? Is it jsmith or j-smith or smithj or james.smith or something else? This is the scenario that the Co2 Name Mangler module aims to assist with. Simply paste in your list of users on the left (First and Last name is required. Middle names are optional), optionally add some domains if you want to include email address variations, select any other options and press the “Mangle Names” button. A list of potential usernames is generated on the right than can be copied and pasted directly into Burp Intruder.
Jason Gillam is a Senior Security Consultant with Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at firstname.lastname@example.org, on Twitter @JGillam, or visit the Secure Ideas – ProfessionallyEvil site for services provided.