Skip to content
/ check-dynamic-links Public

Burp extension to check dynamically generated links for vulnerabilities

7 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pajswigger/check-dynamic-links

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
src
src
 
 
README.md
README.md
 
 
check-dynamic-links.jar
check-dynamic-links.jar
 
 

Repository files navigation

Check Dynamic Links

This is a Burp extension that helps detect vulnerabilities in scenarios that Burp would otherwise miss:

  • Cross domain script include
  • Cross domain referer leakage

The core Burp check works by parsing the HTML page and identifying vulnerable script tags or links. However, this cannot identify links that are dynamically created by JavaScript.

This extension works by looking at the Referer header on all requests. If a request is seen with a JavaScript content type, and a referer from a different domain, this is CDSI. If a request has a referer that includes a query string and is from a different domain, that is CDRL.

About

Burp extension to check dynamically generated links for vulnerabilities

Resources

Readme
Activity

Stars

7 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages