Skip to content

certuscyber/bapp-certus

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 
extension.py
extension.py
 
 

Repository files navigation

README for Type Confusion Extension

This Burp Extension was created by Certus Cybersecurity to help find type confusion vulnerablities in applications.

What is type confusion?

For more information, please refer to the blogpost, that will be linked here soon.

What is this extension for?

This extension complements Burp's active scanner by substituting integer and booleean JSON values with their string equivalents to check if variable types are being checked on the server's side.

Any JSON body in HTTP request will be re-submitted with with the string equivalent:

{
    "id":34,
    "name":"John",
    "role":"basic",
    "extended":false
}

Will be transformed to:

{
    "id":"34",
    "name":"John",
    "role":"basic",
    "extended":false
}

If the HTTP response is successful, it would indicate that variable types are not being check on the server side.

How do I get set up?

Ensure you have Jython standalone JAR file attached to Burp and import the extension.py file.

Who do I talk to?

Use Github issues to raise any problems. Contributions and feature requests are welcome.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages