Potential Vulnerability Indicator
The extension checks the following things:
- Application response bodies for specific strings that indicate a vulnerability is present, such as error output indicative of SQLi, serialization issues, XXE issues, etc.
- Application requests in the URL and body for potential targets of SSRF/LFI/RFI/Directory Traversal/URL Injection attacks
- Application requests and responses in URLs, bodies, and headers for AWS S3 buckets/Azure Storage containers/Google storage containers
- Application requests for parameters that might indicate targets for other common attack vectors (similar to HUNT)
- Application responses for potential leakage of secrets
Items must be in scope for the checks to apply.
Last updated: 14 September 2020
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
You can view the source code for this BApp by visiting our GitHub page.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.