[
  {
    "path": "README.md",
    "content": "# CollabOzark\nCollabOzark is a simple tool which helps the researchers track SSRF, Blind XSS, XXE, SQLi, External Resource Access payloads triggers.\n\nI wanted a basic solution easy to implement and hence this tool do not use SQL database. It keeps the data saved under JSON files.\n\nThis single file can be used with your BURP collaborator polling URL to keep a track of all the hits you got from your payloads, be it SSRF, XXE, RCE, XSS, SQL etc.\n\nAs we have noticed previously a lot of researchers implement thier own VPS just to keep a track of hits they get from thier payloads. Many times it take a long time to get response from the payloads we inserted and hence a better and a more cost effective solution was required to keep a track of all the hits we get from the payloads we throw around the applications.\n\nThis tool can be easily implemented on a subdomain or a subdirectory of your hosting. We do not require a complete VPS with root access to implement such logs tracking system anymore. \n\nHere are the steps you need to follow to implement this tool on your shared hosting.\n1. Launch your BURP Suite.\n2. Visit Project options -> Misc -> Burp Collaborator Server, tick the \"Poll over unencrypted HTTP\" option.\n3. Launch your Wireshark and now click on \"Run Health Check\" button in your Burp.\n4. In the wireshark choose HTTP traffic and you will find your current BURP Project collaborator subdomain XxXxXx.burpcollaborator.net\n5. Also copy the Biid token value from the next URL http://polling.burpcollaborator.net/burpresults?biid=YOUR_TOKEN\n\nNow replace just replace the [YOUR TOKEN] value with YOUR_TOKEN_HERE in 89th line of the PHP code.\n\n<b>Host the PHP file on your shared hosting and make sure to secure it using HTACCESS.</b> Now trigger some logs by visiting the URL in 4th step and refresh your hosted php file, you will notice all the Logs visible in your dashboard. It will show you HTTP, HTTPS, DNS, SMTP logs on your dashboard.\n\nThe dashboard will not only show you all the details grabbed from BURP polling but also fetch other additional information using IP tools about the IP address which triggered the log.\n\nTODO\n1. Add other logs which I might have missed.\n2. Add notification and auto update of new payload triggers.\n3. Result Filtering.\n4. Filtered removal of logs.\n\nSuggestions are welcome. Feel free to reach me out if you would like to collaborate in this project. \n"
  },
  {
    "path": "index.php",
    "content": "<?php\n//Check if the directory with the name already exists\nif (!is_dir('mmMiJS0n1q')) {\n//Create our directory if it does not exist\nmkdir('mmMiJS0n1q');\n}\n\n//Clearing up the logs if DELETE Type request is found.\nif($_SERVER['REQUEST_METHOD'] === 'DELETE'){\n    $files = scandir('./mmMiJS0n1q/');\n    foreach($files as $file) {\n        if ('.' === $file) continue;\n        if ('..' === $file) continue;\n        unlink(\"mmMiJS0n1q/\".$file);\n    }\n    die();\n}\n?>\n\n<!DOCTYPE html>\n<html lang=\"en\">\n    <head>\n        <meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">\n        <meta charset=\"utf-8\">\n        <title>C0ll4bOz4rk</title>\n        <meta name=\"generator\" content=\"Bootply\" />\n        <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=1\">\n        <meta name=\"description\" content=\"Bootstrap expanding rows example.\" />\n        <link href=\"https://netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css\" rel=\"stylesheet\">\n        <!--[if lt IE 9]>\n          <script src=\"https://html5shim.googlecode.com/svn/trunk/html5.js\"></script>\n        <![endif]-->\n        <link rel=\"apple-touch-icon\" href=\"/bootstrap/img/apple-touch-icon.png\">\n        <link rel=\"apple-touch-icon\" sizes=\"72x72\" href=\"/bootstrap/img/apple-touch-icon-72x72.png\">\n        <link rel=\"apple-touch-icon\" sizes=\"114x114\" href=\"/bootstrap/img/apple-touch-icon-114x114.png\">\n        <!-- CSS code from Bootply.com editor -->\n        <style type=\"text/css\">\n        </style>\n    </head>\n    <body >\n            <div class=\"col-lg-6\" style=\"width:100%;\">\n        \t  <div class=\"panel panel-default\">\n            <div class=\"panel-heading\"><h3>CollabOzark External Resource Access Logs Panel - Securityidiots</h3></div>\n            <div class=\"panel-body\">\n<table class=\"table table-condensed\" style=\"border-collapse:collapse;\">\n    <thead>\n        <tr><th>&nbsp;</th>\n            <th>Type</th>\n            <th>IP</th>\n            <th>Domain/Path/Email</th>\n            <th>Time</th>\n            <th>IP Organisation</th>\n        </tr>\n    </thead>\n    <tbody>\n<?php\n//You can set your Own TIME ZONE over here\ndate_default_timezone_set('Asia/Kolkata');\n\n//Function for time based comparison for usort.\nfunction cmp($a, $b) {\n  if(!isset($a['time']))\n    return 0;\n  if ($a['time'] == $b['time']) {\n    return 0;\n  }\n  return ($a['time'] > $b['time']) ? -1 : 1;\n}\n\n//JSON Array to collect all data\n$json_data[]=array();\n\n//Collecting all the files under mmMiJS0n1q to fetch the data\n$files = scandir('./mmMiJS0n1q/');\nif(!empty($files))\nforeach($files as $file) {\n    if ('.' === $file) continue;\n    if ('..' === $file) continue;\n    $json = json_decode(file_get_contents(\"mmMiJS0n1q/\".$file),true);\n    foreach($json as $valjson){\n        //var_dump($valjson);\n        //echo \"<br><br>\";\n        if(!empty($valjson))\n            $json_data[] = $valjson;\n    }\n}\n\n//Collecting BURP Polling results (UPDATE YOUR biid here)\n$file_data = file_get_contents('http://polling.burpcollaborator.net/burpresults?biid=YOUR_TOKEN_HERE');\n\n//Extracting IP details using iplocate API\nif($file_data != \"{}\"){\n    $json_new = json_decode($file_data,true);;\n    $js_array = array();\n    foreach($json_new['responses'] as $valjson){\n        $valjson['interactionString'] = file_get_contents('https://www.iplocate.io/api/lookup/'.htmlentities($valjson['client']));\n        if(!empty($valjson))\n            $js_array[] = $valjson;\n    }\n    uasort($js_array, 'cmp');\n    file_put_contents('mmMiJS0n1q/'.time().'.json', json_encode($js_array));\n    foreach($json_data as $valjson){\n        if(!empty($valjson))\n            $js_array[]=$valjson;\n    }\n    $json_data = $js_array;\n    }elseif(empty($json_data)){\n        exit();\n    }\n\n//Time based Sorting the gathered data\nuasort($json_data, 'cmp');\n\n$i=0;\n//presenting the complete data.\nforeach($json_data as $value){\n        if(empty($value)) continue;\n        $request = '';\n        $path = '';\n        $ip_details = $value['interactionString'];\n        $array_ip_details = json_decode($ip_details,true);\n        if($value['protocol']=='http' || $value['protocol']=='https' ){\n                $request = base64_decode($value['data']['request']);\n                $path = explode(\" \",$request);\n                $path = $path[1];\n                $expand_data = '<p>'.nl2br(htmlentities($request)).'</p>';\n        }elseif($value['protocol']=='smtp' || $value['protocol']=='dns'){\n                $expand_data = '<table class=\"table table-bordered\" style=\"width:30%;\">\n                  <tr ><td><b>Organisation</b></td><td>'.$array_ip_details['org'].'</td></tr>\n                  <tr ><td><b>Country</b></td><td>'.$array_ip_details['country'].'</td></tr>\n                  '.($array_ip_details['city']!=NULL ? '<tr><td><b>City</b></td><td>'.$array_ip_details['city'].'</td></tr>':'').'\n                  '.($array_ip_details['time_zone']!=NULL ? '<tr><td><b>Time Zone</b></td><td>'.$array_ip_details['time_zone'].'</td></tr>':'').'\n                  '.($array_ip_details['postal_code'] != NULL ? '<tr ><td><b>Postal Code</b></td><td>'.$array_ip_details['postal_code'].'</td></tr>':'').'\n                  <tr ><td><b>ASN</b></td><td><a href=\"https://ipinfo.io/'.$array_ip_details['asn'].'\" target=\"_blank\">'.$array_ip_details['asn'].'</a></td></tr>\n                  '.($array_ip_details['subdivision']!=NULL?'<tr ><td><b>Subdivision 1</b></td><td>'.$array_ip_details['subdivision'].'</td></tr>':'').'\n                  '.($array_ip_details['subdivision2']!=NULL?'<tr ><td><b>Subdivision 2</b></td><td>'.$array_ip_details['subdivision2'].'</td></tr>':'').'\n                  <tr ><td><b>Map</b></td><td><a href=\"http://maps.google.com/?q='.$array_ip_details['latitude'].','.$array_ip_details['longitude'].'\" target=\"_Blank\">'.$array_ip_details['latitude'].','.$array_ip_details['longitude'].'</a></td></tr>';\n                  if($value['protocol']=='smtp'){\n                    $path = base64_decode($value['data']['sender']);\n                      foreach($value['data']['recipients'] as $rcpt){\n                          $expand_data .= '<tr ><td><b>Receipts</b></td><td>'.htmlentities(base64_decode($rcpt)).'</td></tr>';\n                      }\n                  }else{\n                      $path = $value['data']['subDomain'];\n                  }\n                 \t$expand_data .= '</table>';\n        }\n        $column = '<tr data-toggle=\"collapse\" data-target=\"#demo'.++$i.'\" class=\"accordion-toggle\" bgcolor='.(strpos( htmlentities($value['protocol']), 'http' ) !== false ? '\"#E5FFCC\"' : (htmlentities($value['protocol']) === 'dns'? '\"lavender\"' : '\"#FB9A8D\"')).'>\n                  <td><button class=\"btn btn-default btn-xs\"><span class=\"glyphicon glyphicon-eye-open\"></span></button></td>\n            <td width=\"100\">'.htmlentities($value['protocol']).'</td>\n            <td width=\"150\">'.htmlentities($value['client']).'</td>\n            <td>'.htmlentities($path).'</td>\n            <td>'.htmlentities(date('jS F Y h:i:s A (T)',substr_replace($value['time'] ,\"\", -3))).'</td>\n            <td>'.$array_ip_details['org'].'</td>\n        </tr>\n        <tr>\n            <td colspan=\"12\" class=\"hiddenRow\"><div class=\"accordian-body collapse\" id=\"demo'.$i.'\">\n              '.$expand_data.'\n              </div></td>\n        </tr>';\n        echo $column.\"\\n\";\n}\n\n?>\n</tbody>\n</table>\n        </div>\n  <center><a href=\"/\" onclick='sendDelete(event)'><button  class=\"btn btn-danger\">Clear Logs</button></a></center>\n<br>\n      </div>\n\n  </div>\n</div>\n    <script type='text/javascript' src=\"https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js\"></script>\n    <script type='text/javascript' src=\"https://netdna.bootstrapcdn.com/bootstrap/3.0.3/js/bootstrap.min.js\"></script>\n   <script>\n    function sendDelete(event){\n        var xhttp = new XMLHttpRequest();\n        event.preventDefault();\n        xhttp.open(\"DELETE\", \"./index.php\", true);\n        xhttp.send();\n        window.location.replace(\"./\");\n    }\n   </script>\n    <!-- JavaScript Reloader\n    <script>\n    setTimeout(function() {\n      location.reload();\n    }, 10000);\n    </script>\n       -->\n</body>\n</html>\n"
  }
]