Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/yxw21/xssbughunter
burpsuite extension
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/yxw21/xssbughunter
- Owner: yxw21
- Created: 2023-01-31T06:50:47.000Z (about 2 years ago)
- Default Branch: master
- Last Pushed: 2023-02-01T02:00:59.000Z (about 2 years ago)
- Last Synced: 2024-04-30T07:17:08.674Z (9 months ago)
- Topics: burpsuite, extension, xss, xsshunter
- Language: Java
- Homepage: https://xss.bughunter.app
- Size: 20.5 KB
- Stars: 10
- Watchers: 3
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# What is this tool for?
This tool can be used to generate relevant XSS addresses that can be used to track HTTP requests. By using this tool, all your injection attempts will be tracked and the reports you generate will include the full HTTP request in the final output.
# Minimum Burp Suite Version
2023.1, because the extension uses the Burp Extensions API (Montoya).
# Setup
You can download the jar directly and load it into Burp Suite.
After loading the plugin, a new tab will be created.
Just fill in the form and click Login.
`replace` is the placeholder string that the extension replaces with the JavaScript address. (Choose a value that is unlikely to appear in normal HTTP traffic, so that it stays unique.)
For example, with `replace` set to `test123`:
```
GET /concat-us HTTP/1.1
Host: example.com
aaa: test123content=testhello
```
Finally, the extension automatically updates the request:
```
GET /concat-us HTTP/1.1
Host: example.com
aaa: https://request-id-domain.xss.clcontent=testhello
```
# Where to view the request that triggered the payload
https://xss.bughunter.app/dashboard/trigger