Created by Sayed Hamzah (Twitter: @xxxbaemaxxx)
This is a Burp Plugin implementation of the TokenChpoken Tool developed by ERPScan.
To use it, go to the dist/ folder and download the .py file onto your machine. Then simply add it as a Burp Plugin under the "Extender" tab. (Jython is required for this plugin to work!)
- Extracts and displays token information based on the decompressed data
- Generates the Hashcat format : to perform brute-force/dictionary attacks in order to obtain the local node password
- Generates a new PSTOKEN value that can be used in order to authenticate as another user (requires knowledge of the local node password, if need be)