Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/hpd0ger/supertags
A Burp Suite plugin for detecting hidden XSS
Last synced: 28 days ago
- Host: GitHub
- URL: https://github.com/hpd0ger/supertags
- Owner: Hpd0ger
- Created: 2019-03-30T07:43:58.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2019-03-31T02:06:36.000Z (about 5 years ago)
- Last Synced: 2024-02-09T20:14:25.190Z (4 months ago)
- Language: Python
- Size: 7.81 KB
- Stars: 35
- Watchers: 2
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
Lists
- awesome-burp-suite - **23** stars
README
# SuperTags
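A Burp Suite plugin for detecting hidden XSS. It requires a Jython environment: https://blog.csdn.net/sinat_25449961/article/details/77374407

While hunting for vulnerabilities in SRC programs, I found many cases where parameters were echoed back into the HTML, but often inside non-visible tags, where they are easy to overlook.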
# How it Works
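The plugin automatically listens to HTTP requests. It collects parameters including, but not limited to, GET, cookie, and referer values, and checks whether any tag in the response contains that value.
# Demo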
![](http://static.zybuluo.com/1160307775/k6jqghl8fgk7de1r8s4vw17u/image_1d76pe1bihb110g88k617aqgha9.png)

As shown, the `test` parameter can be exploited; view the results in Output.
![](http://static.zybuluo.com/1160307775/5hlk0q563e4rpwv29mujrljq/image_1d76phstmb8d1vqo1l1j1b4m1ba213.png)