forked from thomaspatzke/Burp-MissingScannerChecks
-
Notifications
You must be signed in to change notification settings - Fork 11
PortSwigger/additional-scanner-checks
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
This burp extension implements some passive scanner checks which are missing in Burp suite: * DOM-based XSS (REs are based on those from https://code.google.com/p/domxsswiki/wiki/FindingDOMXSS) * Missing HTTP headers: * Strict-Transport-Security * X-Content-Type-Options: nosniff * X-XSS-Protection * Multiple occurrences of the checked headers. * Redirection from HTTP to HTTPS All checks can be enabled separately in an own extension tab and a default config can be stored. TODO ==== * See TODO markers in the code. * Further possibilities to redirect from HTTP to HTTPS (meta refresh, links, referer checking) * Active scanner check: Actively test directories for listings * Active scanner check: Add parameters like debug, admin, test etc. and check if something interesting appears on the page. * Active Scanner check: Reaction of the web application and server to requests with different/missing host headers.
About
Collection of scanner checks missing in Burp
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published
Languages
- Python 98.3%
- HTML 1.7%