Comments (6)
Hi @Hipapheralkus,
Thanks for testing this feature :)
Your configuration "Exclude HTTP Headers" is not compatible with "Not in cookie":
- Not in cookie: if you want to find if any cookie attribute is not present
If you exclude HTTP Headers you don't find the cookie attribute.
On the other hand, the tool works ... The payload is sent and it looks for the payload itself (it does not look for all the occurrences, it is enough for it to find it only once). It only marks the first occurrence with highlight syntax.
Regards!
from burpbounty.
I switched off the "Not in cookie", saved it, and ran again. However, I still think it doesn't work.
Expected behavior - I want to check for basic reflections in the response body only (which could possibly lead to XSS). When the value is observed in the http response, it should create an Issue.
Observed behavior: In the Sessions Tracer, I see the extension is making valid requests, and when I check the response there, this payload is present in 2 places = once in the "x-request-path" header, and then 7 more times in the body - in different places. Hence, I would expect to see at least 1 issue to be present in the Active Scan, because I have the value reflected back in the HTTP response body 7 times.
from burpbounty.
Hi @Hipapheralkus,
I have identified and corrected the error. Could you try it now?
Thank you very much!
from burpbounty.
Hi @Hipapheralkus,
Works fine now?
Regards!
from burpbounty.
Hi, I tried it again (the newest version on BApp Store).
I can confirm that if the reflection happens only in the header, no issue is raised = as expected.
When I scan a request which has multiple reflections, the first and only highlighted occurrence is the one in the response Header. Is it possible that this highlight would not be present, as it should be excluded? Also, since there is only a single highlight in such a case, I would automatically miss all the other reflections = other 3 reflections in the Body. Only when I manually search the value can I see there are 4 matches (1 header + 3 body).
Is this something which could be fixed as well?
from burpbounty.
Hi @Hipapheralkus,
It works as follows:
The extension looks for the pattern in each answer; if it appears at least once, it returns it as an issue and highlights only the first one.
This is because it improves performance. If what you want is to find a pattern in the answer, if you find it, even if only once, you have already fulfilled what was expected. This is better because there is no delay between requests.
Regards!
from burpbounty.
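The matching behaviour discussed in this thread (header exclusion, and first-match-only versus all occurrences), as an added example that is not Burp Bounty's code. The function names, the payload string and the sample response are constructed for illustration.

```python
from typing import Dict, List

# Constructed sample: payload reflected once in a header and three times in the body.
PAYLOAD = "bb7x9reflect"
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    f"x-request-path: /search/{PAYLOAD}\r\n"
    "\r\n"
    f"<html><title>{PAYLOAD}</title>"
    f"<input value=\"{PAYLOAD}\">"
    f"<script>var q='{PAYLOAD}';</script></html>"
).encode()


def find_reflections(raw: bytes, payload: bytes, exclude_headers: bool = True,
                     first_only: bool = False) -> Dict[str, List[int]]:
    """Return offsets (into the raw response) of each payload match, by region."""
    sep = raw.find(b"\r\n\r\n")
    # Without a header/body separator the whole message is treated as headers.
    body_start = len(raw) if sep == -1 else sep + 4
    hits: Dict[str, List[int]] = {"headers": [], "body": []}
    pos = raw.find(payload)
    while pos != -1:
        region = "headers" if pos < body_start else "body"
        # Excluded header matches are skipped entirely, so they can never be
        # the "first occurrence" that gets reported or highlighted.
        if not (region == "headers" and exclude_headers):
            hits[region].append(pos)
            if first_only:  # stop at the first reportable match
                break
        pos = raw.find(payload, pos + len(payload))
    return hits


def should_raise_issue(hits: Dict[str, List[int]]) -> bool:
    """One reportable match is enough to raise an issue."""
    return bool(hits["headers"] or hits["body"])


if __name__ == "__main__":
    print(find_reflections(SAMPLE_RESPONSE, PAYLOAD.encode()))
    print(find_reflections(SAMPLE_RESPONSE, PAYLOAD.encode(), first_only=True))
```

With `first_only=True` the scan stops at the first match that survives the header filter, so the single reported offset lies in the body when headers are excluded.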