Hello friends!! Today you will learn how to extract username from any social site such as Facebook, LinkedIn and etc. using burp suite pro. Burpsuite pro provides Python Scripter as an advance option which can be helpful in gathering username for the process of reconnaissance in penetration testing.
Python Scripter: This extension allows execution of a custom Python script on each HTTP request and response processed by Burp.
To use, type or paste a Python script into the “Script” tab, and use Burp in the normal way. The script will be executed for each HTTP request and response.
Let’s Start!!
First to install the extension Python Scripter from the BApp Store in the Extender Tab, we need to install the Jython standalone-2.7.0 JAR file. Now explore the Extender tab then click on options tab and browse the location for the Jython standalone JAR as shown in the image
Now we can simply install the Python Scripter extension from the BApp Store.
Now click on this link (https://raw.githubusercontent.com/clr2of8/Gather-Usernames-From-Google-LinkedIn-Results/master/scrape-google-linkedin.txt) and copy the complete code.
Now paste the copied code on the Script Tab formed by installing the Python Scripter Extension. If you will analysis this python script then you will realize that, it has been design for LinkedIn therefore we will look for LinkedIn username. But if you want to gather Facebook or any other website username then replace it from the word ‘LinkedIn’
Now go to the Extensions Tab within the Extender Tab then click on Output Tab and select Save to File option in order to save the username in any text document as an output result, here we have given the path of our empty txt file where all the username’s will be saved.
Now just do a Google search with help of Google dork of site:linkedin.com/in “certification name” “Company Name” as shown in the image.
Here using above Google dork we will extract LinkedIn username who is CEH certified employee of ignite technologies.
As you can see we have intercept the request of the Google search in a usual way using burpsuite, now close the intercept tab and the script will save the usernames in the .txt file.
In the end we can see all the usernames related to the company are saved, as Google limits result 10 per page we can also save usernames on the next pages. This technique is very useful where we want to gather a large list of names quickly and easily.
Author: Ashray Gupta is a Researcher and Technical Writer at Hacking Articles. He is a certified ethical hacker, web penetration tester and a researcher in nanotechnology. Contact Here
The post Extract LinkedIn Usernames from Google using Burpsuite pro appeared first on Hacking Articles.