Sheet Intruder

Sheet Intruder is a Burp Suite extension designed to simplify the process of fuzzing for Excel file uploads. It works by representing the content of an Excel file as a tag, which can then be integrated into various locations. This tag then allows configuration such as replacements for fuzzing targets.

Features:

• Seamless Integration: Sheet Intruder seamlessly integrates into Burp Suite's Intruder, Scanner, and Repeater tools, allowing for efficient and comprehensive Excel file manipulation during different stages of testing.
• Both .xls and .xlsx file formats are supported.
• Value Replacement Mode: Use the "<$SheetIntruder>" tag to define value replacements within the Excel file. This mode allows you to search for specific values within cells and replace them with desired substitutions.
• Cell Replacement Mode: Use the "<$SheetIntruderCell>" tag to perform cell-based replacements. You can replace cells either by referencing their cell number (e.g., "A1", "B1") or by specifying cell ranges (e.g., "A1:B12", "CustomSheet! A1:D5").

Workflow:

1. Choose your Excel file (.xls and .xlsx supported)
2. The selected file is loaded into the extension
3. In Repeater, Proxy, Scanner or Intruder you are now able to include the tags
4. Before sending the request the provided Excel file is read and the requested modifications made