Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/adriancitu/burp-tabnabbing-extension
Burp Suite Professional extension in Java for Tabnabbing attack
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/adriancitu/burp-tabnabbing-extension
- Owner: AdrianCitu
- License: mit
- Created: 2018-04-18T20:50:35.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2018-05-08T21:22:45.000Z (about 6 years ago)
- Last Synced: 2024-02-09T20:49:32.632Z (5 months ago)
- Topics: burp-extensions, burp-plugin, burpsuite-extender, java-8, tabnabbing
- Language: HTML
- Homepage: https://adriancitu.com/2018/05/07/tabnabbing-burp-extension/
- Size: 177 KB
- Stars: 14
- Watchers: 3
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
Lists
- awesome-burp-suite - **10** stars
- awesome-burp-suite - **10** stars
README
# burp-tabnabbing-extension
This is a Burp Suite Pro extension that finds pages exposed to the “Reverse Tabnabbing” attack.
For more information about the “Reverse Tabnabbing” attack, please see https://www.owasp.org/index.php/Reverse_Tabnabbing
By default the extension scans each page entirely, but this behavior can be customized using the "tabnabbing.pagescan.strategy" Java system property.
The possible options of "tabnabbing.pagescan.strategy" are:
* STOP_AFTER_FIRST_FINDING (stops the scan after the first finding).
* STOP_AFTER_FIRST_HTML_AND_JS_FINDING (stops the scan after the first HTML and JavaScript finding).
* SCAN_ENTIRE_PAGE (default value).
The "tabnabbing.pagescan.strategy" system property can be set at start time like this:
```
java -Dtabnabbing.pagescan.strategy=SCAN_ENTIRE_PAGE -jar burpsuite-pro-x.x.xx.jar
```
Requirements to run the extension:
* Java 8 or later.
* Burp Suite Professional version 1.7.33 (or later ?) - not sure that the next API
versions will be backward compatible.
Some code metrics (from sonarcloud): https://sonarcloud.io/dashboard?id=com.github.adriancitu.burp%3Atabnabbing
If you want to know more technical details about how the plug-in was done: https://adriancitu.com/2018/05/07/tabnabbing-burp-extension/