OpenSecurityResearch / CustomPassiveScanner

A Custom Scanner for Burp

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CustomPassiveScanner
By Chris Bush of Foundstone
------------------------------------

This is a Burp extension that implments a custom 
scanner to provide two passive scan checks:

    1. Reflection Checks – Using the values of the parameters 
    in the base request that is being passively scanned, 
    this check searches the corresponding response for those 
    same values, providing a candidate point for further 
    testing for reflected XSS vulnerabilities.

    2. Regular Expression Match – Can be used to examine the base 
    response of a passive scan request, looking for any string 
    that matches a particular regular expression.  In the context 
    of this example extension, this check is used to do a customized 
    search of application responses using a regular expression 
    designed to match potentially sensitive personally identifiable 
    information (PII) unique to a specific, non-US, country.

This was created as a supplemental file to a blog post on:
    http://blog.opensecurityresearch.com


About

A Custom Scanner for Burp


Languages

Language:Python 100.0%