Open
Description
Trying with Burp request's "save item" option. File looks like this:
```xml
<?xml version="1.0"?>
<!DOCTYPE items [
<!ELEMENT items (item*)>
<!ATTLIST items burpVersion CDATA "">
<!ATTLIST items exportTime CDATA "">
<!ELEMENT item (time, url, host, port, protocol, method, path, extension, request, status, responselength, mimetype, response, comment)>
<!ELEMENT time (#PCDATA)>
<!ELEMENT url (#PCDATA)>
<!ELEMENT host (#PCDATA)>
<!ATTLIST host ip CDATA "">
<!ELEMENT port (#PCDATA)>
<!ELEMENT protocol (#PCDATA)>
<!ELEMENT method (#PCDATA)>
<!ELEMENT path (#PCDATA)>
<!ELEMENT extension (#PCDATA)>
<!ELEMENT request (#PCDATA)>
<!ATTLIST request base64 (true|false) "false">
<!ELEMENT status (#PCDATA)>
<!ELEMENT responselength (#PCDATA)>
<!ELEMENT mimetype (#PCDATA)>
<!ELEMENT response (#PCDATA)>
<!ATTLIST response base64 (true|false) "false">
<!ELEMENT comment (#PCDATA)>
]>
<items burpVersion="2025.8.1" exportTime="Sun Aug 31 10:30:52 CEST 2025">
  <item>
    <time>Sun Aug 31 10:30:22 CEST 2025</time>
    <url><![CDATA[https://0a340073042ccb5b80ca305a0021007c.web-security-academy.net/login]]></url>
    <host ip="10.10.33.44">0a340073042ccb5b80ca305a0021007c.web-security-academy.net</host>
    <port>443</port>
    <protocol>https</protocol>
    <method><![CDATA[POST]]></method>
    <path><![CDATA[/login]]></path>
    <extension>null</extension>
    <request base64="true"><![CDATA[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]]></request>
    <status>302</status>
    <responselength>188</responselength>
    <mimetype></mimetype>
    <response base64="true"><![CDATA[SFRUUC8yIDMwMiBGb3VuZA0KTG9jYXRpb246IC9teS1hY2NvdW50P2lkPXdpZW5lcg0KU2V0LUNvb2tpZTogc2Vzc2lvbj1UdjRzdkNtRzlud3NSTzROWkZ5QjJtanFUWnpuMndqaTsgU2VjdXJlOyBIdHRwT25seTsgU2FtZVNpdGU9Tm9uZQ0KWC1GcmFtZS1PcHRpb25zOiBTQU1FT1JJR0lODQpDb250ZW50LUxlbmd0aDogMA0KDQo=]]></response>
    <comment></comment>
  </item>
</items>
```
Result in NoSQLMap:
```
 _  _     ___  ___  _    __  __
| \| |___/ __|/ _ \| |  |  \/  |__ _ _ __
| .` / _ \__ \ (_) | |__| |\/| / _` | '_ \
|_|\_\___/___/\__\_\____|_|  |_\__,_| .__/
 v0.7 codingo@protonmail.com        |_|

1-Set options
2-NoSQL DB Access Attacks
3-NoSQL Web App attacks
4-Scan for Anonymous MongoDB Access
5-Change Platform (Current: MongoDB)
x-Exit
Select an option: 1

Options
1-Set target host/IP (Current: Not Set)
2-Set web app port (Current: 80)
3-Set App Path (Current: Not Set)
4-Toggle HTTPS (Current: OFF)
5-Set MongoDB Port (Current : 27017)
6-Set HTTP Request Method (GET/POST) (Current: GET)
7-Set my local MongoDB/Shell IP (Current: Not Set)
8-Set shell listener port (Current: Not Set)
9-Toggle Verbose Mode: (Current: OFF)
0-Load options file
a-Load options from saved Burp request
b-Save options file
h-Set headers
x-Back to main menu
Select an option: a
Enter path to Burp request file: /mnt/kali/save-item.txt
unsupported method in request header.
<!DOCTYPE items [
Traceback (most recent call last):
  File "nosqlmap.py", line 544, in <module>
    main(args)
  File "nosqlmap.py", line 47, in main
    mainMenu()
  File "nosqlmap.py", line 81, in mainMenu
    options()
  File "nosqlmap.py", line 485, in options
    requestHeaders[header[0]] = header[1].strip()
IndexError: list index out of range
```
Trying with Burp's "copy to file" option. File looks like this:
```
POST /login HTTP/2
Host: 0a340073042ccb5b80ca305a0021007c.web-security-academy.net
Cookie: session=tCoy2wg5y8QbQDEJT0aZsszpkWR4h29D
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://0a340073042ccb5b80ca305a0021007c.web-security-academy.net/login
Content-Type: application/json
Content-Length: 40
Origin: https://0a340073042ccb5b80ca305a0021007c.web-security-academy.net
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

{"username":"wiener","password":"peter"}
```
Result in NoSQLMap:
```
 _  _     ___  ___  _    __  __
| \| |___/ __|/ _ \| |  |  \/  |__ _ _ __
| .` / _ \__ \ (_) | |__| |\/| / _` | '_ \
|_|\_\___/___/\__\_\____|_|  |_\__,_| .__/
 v0.7 codingo@protonmail.com        |_|

1-Set options
2-NoSQL DB Access Attacks
3-NoSQL Web App attacks
4-Scan for Anonymous MongoDB Access
5-Change Platform (Current: MongoDB)
x-Exit
Select an option: 1

Options
1-Set target host/IP (Current: Not Set)
2-Set web app port (Current: 80)
3-Set App Path (Current: Not Set)
4-Toggle HTTPS (Current: OFF)
5-Set MongoDB Port (Current : 27017)
6-Set HTTP Request Method (GET/POST) (Current: GET)
7-Set my local MongoDB/Shell IP (Current: Not Set)
8-Set shell listener port (Current: Not Set)
9-Toggle Verbose Mode: (Current: OFF)
0-Load options file
a-Load options from saved Burp request
b-Save options file
h-Set headers
x-Back to main menu
Select an option: a
Enter path to Burp request file: /mnt/kali/copy-to-file.txt
Traceback (most recent call last):
  File "nosqlmap.py", line 544, in <module>
    main(args)
  File "nosqlmap.py", line 47, in main
    mainMenu()
  File "nosqlmap.py", line 81, in mainMenu
    options()
  File "nosqlmap.py", line 473, in options
    paramValues.append(tempList[1])
IndexError: list index out of range
```
Both methods not working :-/
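
Both tracebacks above end in an index into a list element that is not there (`header[1]`, `tempList[1]`). The following is an added example, not NoSQLMap's own code and not part of the original report: a loader that accepts both Burp export formats and a JSON body without indexing unchecked. The names `extract_raw_request` and `parse_request` and the sample data are hypothetical.

```python
import base64
import json
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl


def extract_raw_request(data: bytes) -> bytes:
    """Return the raw HTTP request from either Burp export format."""
    data = data.lstrip()
    if not data.startswith(b"<?xml"):
        return data  # "Copy to file": already a raw request
    if b"<!ENTITY" in data:  # a Burp export declares no entities; refuse them
        raise ValueError("entity declarations are not expected in a Burp export")
    node = ET.fromstring(data).find("./item/request")
    if node is None or not node.text:
        raise ValueError("no <request> element found")
    text = node.text.strip()
    return base64.b64decode(text) if node.get("base64") == "true" else text.encode()


def parse_request(data: bytes) -> dict:
    raw = extract_raw_request(data).replace(b"\r\n", b"\n")
    head, _, body = raw.partition(b"\n\n")
    lines = head.decode("iso-8859-1").split("\n")
    parts = lines[0].split()
    if len(parts) != 3 or parts[0] not in ("GET", "POST"):
        raise ValueError("unsupported request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # a line without a colon is skipped, never indexed
            headers[name.strip()] = value.strip()
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    text = body.decode("utf-8", "replace").strip()
    if "json" in ctype.lower() and text:
        params = json.loads(text)  # JSON body: there are no key=value pairs to split
    else:
        params = dict(parse_qsl(text, keep_blank_values=True))
    return {"method": parts[0], "path": parts[1], "headers": headers, "params": params}


# Constructed sample inputs (not the request from the issue).
SAMPLE_RAW = (b"POST /login HTTP/2\r\nHost: app.example.test\r\n"
              b"Content-Type: application/json\r\n\r\n"
              b'{"username":"alice","password":"secret"}')
SAMPLE_XML = (b'<?xml version="1.0"?><!DOCTYPE items [<!ELEMENT items (item*)>]>'
              b'<items><item><request base64="true"><![CDATA['
              + base64.b64encode(SAMPLE_RAW) + b']]></request></item></items>')

if __name__ == "__main__":
    for sample in (SAMPLE_RAW, SAMPLE_XML):
        print(parse_request(sample))
```
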