README Version: [English | 简体中文]
CaA is an auxiliary project in the field of cybersecurity (vulnerability research), primarily used for analyzing and dissecting HTTP protocol packets. It extracts information such as parameters, paths, files, and parameter values from HTTP packets, and counts their frequency of occurrence, helping users build practical and operationally valuable Fuzzing dictionaries. In addition, CaA can generate various types of HTTP requests that can be used with BurpSuite Intruder for Fuzzing tasks.
The design concept of CaA originates from Web Fuzzing technology, aiming to help users uncover hidden vulnerability surfaces. By collecting, analyzing, and organizing information, CaA enables users to achieve true data mining.
Source of Inspiration:
Awards and Recognitions:
Notes:
- Starting with CaA version 1.0, development is done using the Montoya API. To use the new version of CaA, you need to upgrade your BurpSuite version (>=2023.12.1).
Plugin Installation: Extender - Extensions - Add - Select File - Next
When you load CaA for the first time, it will automatically create the configuration file Config.json and the database file CaA.db:
- For Linux/Mac users:
~/.config/CaA/ - For Windows users:
%USERPROFILE%/.config/CaA/
In addition, you can also choose to place the configuration files in the /.config/CaA/ directory under the same folder as the CaA Jar package, for easier offline portability.
- You can conveniently right-click on parameter values of RAW, JSON, or XML type in the CollectInfo panel to copy them, making it easy to use in request testing.
- You can generate a Payload in the Generator module, then use it in the Intruder module by selecting
Extension-generated-CaA Payload Generator. Lastly, don't forget to disable URL encoding.
Types of Collected Information:
- GET and POST normal-form parameters and their values;
- Cookie names and values;
- POST (JSON, Multipart, XML) parameters and their values;
- Layered paths, filenames, and full URLs.
Generated Payload Information:
- GET requests;
- POST requests;
- POST With JSON requests;
- POST With XML requests;
- POST With Multipart requests;
- Requests for layered directory traversal.
| Interface Name | Interface Display |
|---|---|
| Databoard (Data Collection) |  |
| Config (Configuration Management) |  |
| Generator (Payload Generation) |  |
| CollectInfo (Data Display) |  |
We appreciate everyone's support for the project. The following list is sorted based on the time of appreciation and is not in any particular order. If there are any omissions, please contact the project author for additions.
| ID | Amount |
|---|---|
| 树则 | 18.80 CNY |
| 蒙蒙大 | 10.00 CNY |
| 耳东 | 20.00 CNY |
If you find CaA useful, you can show your appreciation by donating to the author, giving them the motivation to continue updating and improving it!
