Bad Character Wordlist Generator

This extension is designed for creating wordlists with "bad characters" for penetration testing and bug hunting. It supports encoding options and prefix/suffix customization, or custom wordlist for generating payloads.

Features

• Generate wordlists containing bad characters.
• Add custom prefixes and suffixes to payloads.
• Apply Base64, URL, HTML, Unicode, or Hex encoding characters to payloads.
• Directly use generated wordlists in Intruder
• Easily save wordlists to a file or copy them to your clipboard.

Usage

Wordlist generator

1. Navigate to the BadChar tab.
2. Click "Generate Wordlist" to create a list of bad characters.
3. Add a prefix or suffix using the text fields and click "Apply Prefix/Suffix."
4. Choose an encoding method by clicking the respective button (e.g., "Base64 Encode").
5. Click "Generate Wordlist", "Apply Prefix/Suffix" or "Clear Wordlist" to refresh your list.

Integration with Intruder

1. Send a request to Burp Suite Intruder.
2. In the Payloads menu, choose "Extension-generated".
3. Select "BadChar" as the generator.
4. Start the attack.