Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kapytein/jsonp
jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints.
burp burp-extensions infosec pentesting
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/kapytein/jsonp
- Owner: kapytein
- License: mit
- Archived: true
- Created: 2019-08-24T11:58:31.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2021-02-15T10:34:00.000Z (almost 4 years ago)
- Last Synced: 2024-08-02T00:23:02.766Z (4 months ago)
- Topics: burp, burp-extensions, infosec, pentesting
- Language: Python
- Homepage:
- Size: 8.79 KB
- Stars: 150
- Watchers: 4
- Forks: 29
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-burp-extensions - jsonp - jsonp is a Burp Extension which attempts to reveal JSONP functionality behind JSON endpoints. This could help reveal cross-site script inclusion vulnerabilities or aid in bypassing content security policies. (Vulnerability Specific Extensions / Cross-site scripting)
README
# jsonp
![alt](https://www.upload.ee/image/10396748/Screenshot_from_2019-08-24_23-39-07.png)
jsonp is a Burp Extension which tries to discover JSONP functionality behind JSON endpoints. It does so by appending parameters and/or changing the extension of the requested URL. The payloads are taken from payloads.txt.
The extension acts as a passive scanner, although it is not truly passive, since it creates new requests based on the original request. For every request that receives an `application/json` response, the plugin sends `4` altered requests, using the payloads from `payloads.txt`. Only the request path and method are altered. All requests made by the plugin use the request method `GET`.
JSONP functionalities (if not restricted) could be used to bypass content security policies. Besides that, in case there's authenticated data, you could attempt a cross-site script inclusion attack if no CSRF token or equivalent is used to mitigate the exploitability.
It's common that JSONP functionalities are hidden behind JSON endpoints, as learned on [Liberapay](https://hackerone.com/reports/361951). The template was rendered using `jsonp_dump`, which would return valid JSON with content type `application/json` when no `callback` parameter is supplied.
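For auditing your own endpoints, the check below compares a baseline response body with the body returned once a `callback` parameter is supplied, and flags endpoints that switch from plain JSON to a callback-wrapped call. It is an added example, not code from the extension; the function names, the callback name `cb1` and the sample paths and bodies are hypothetical and constructed.

```python
import json
import re

# Callback-wrapped body: optional leading comment (some frameworks emit /**/),
# an identifier-style callback name, one parenthesised argument, optional ';'.
_WRAPPER = re.compile(
    r"^\s*(?:/\*.*?\*/\s*)?"
    r"(?P<cb>[A-Za-z_$][\w$.]*)\s*"
    r"\((?P<arg>.*)\)\s*;?\s*$",
    re.DOTALL,
)

def classify_body(body, callback):
    """Return 'json', 'jsonp' or 'other' for a response body.

    'jsonp' means the body is a call to `callback` whose single argument
    parses as JSON, i.e. the endpoint reflected the supplied callback name.
    """
    try:
        json.loads(body)
        return "json"
    except ValueError:
        pass
    m = _WRAPPER.match(body)
    if not m or m.group("cb") != callback:
        return "other"
    try:
        json.loads(m.group("arg"))
    except ValueError:
        return "other"
    return "jsonp"

def hidden_jsonp(baseline_body, probed_body, callback):
    """True when a plain-JSON endpoint answers with JSONP once a callback is added."""
    return (classify_body(baseline_body, callback) == "json"
            and classify_body(probed_body, callback) == "jsonp")

# Constructed sample data: path -> (body without callback, body with ?callback=cb1).
SAMPLES = {
    "/api/profile": ('{"user": "alice"}', '/**/cb1({"user": "alice"});'),
    "/api/status": ('{"ok": true}', '{"ok": true}'),
    "/api/search": ('{"q": "x"}', '<html>cb1 not found</html>'),
}

def audit(samples, callback="cb1"):
    """Return the sorted paths whose response turned into JSONP."""
    return sorted(path for path, (base, probed) in samples.items()
                  if hidden_jsonp(base, probed, callback))
```

A flagged path only shows that the endpoint supports JSONP; whether the data is reachable cross-site still depends on how the endpoint authenticates the request.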
## Installation
The extension is currently not in the BApp Store. You have to install it manually via "Extender > Add".
## Common false positives for exploitability
The extension uses the cookies and (possibly additional) authentication headers from the original request. This means that the extension does not detect whether the JSONP functionality on the endpoint is exploitable or not.