A Custom Scanner for Burp

By Chris Bush of Foundstone

This is a Burp extension that implements a custom
scanner providing two passive scan checks:

    1. Reflection Checks – Using the values of the parameters
    in the base request that is being passively scanned,
    this check searches the corresponding response for those
    same values. A hit is only a candidate point for further
    testing for reflected XSS, not a confirmed vulnerability:
    whether the value is encoded on output, and where in the
    page it lands, still have to be checked by hand or with
    an active scan.

    2. Regular Expression Match – Examines the base response
    of a passively scanned request, looking for any string
    that matches a particular regular expression.  In the context
    of this example extension, this check is used to do a customized
    search of application responses using a regular expression
    designed to match potentially sensitive personally identifiable
    information (PII) unique to a specific, non-US, country.
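The logic of both checks, as an added stand-alone example (not the extension's own code). It skips the Burp API so it runs offline: in a Jython extension the two functions would be called from IScannerCheck.doPassiveScan() with the bytes of the base request and response, and the returned offsets would become the response markers on the reported issue. The sample request and response are constructed here; the PII pattern is an assumption, since the README does not say which country's identifier the original extension targets, so a simplified UK National Insurance number layout is used as a stand-in.

```python
"""Reflection and regex passive checks, reimplemented outside Burp.

Added example, not the extension's code. Inputs are raw HTTP messages as
strings; the Burp wiring (IScannerCheck.doPassiveScan) is left out.
"""
import html
import re
from urllib.parse import parse_qsl, urlsplit

# Values shorter than this ("1", "on", "true") appear in almost any response
# by chance, so they are not reported. The threshold is this example's choice.
MIN_REFLECT_LEN = 4

# ASSUMED pattern: the page does not name the country, so this is a simplified
# UK National Insurance number layout (two letters, six digits, one letter).
NINO_PATTERN = r"\b[A-Z]{2}\d{6}[A-D]\b"


def split_message(raw):
    """Split a raw HTTP message into (start_line, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def request_params(raw_request):
    """Yield (location, name, value) for URL-query and form-body parameters."""
    start, headers, body = split_message(raw_request)
    _method, target, _version = start.split(" ", 2)
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        yield "url", name, value
    ctype = headers.get("content-type", "")
    if body and ctype.startswith("application/x-www-form-urlencoded"):
        for name, value in parse_qsl(body, keep_blank_values=True):
            yield "body", name, value


def reflection_check(raw_request, raw_response):
    """Reflection Checks: report each parameter value found in the response body.

    A verbatim copy is a candidate for reflected XSS testing. A copy that only
    appears HTML-entity-encoded is reported with encoded=True, because output
    encoding usually defeats injection and the tester will look there last.
    """
    _, _, body = split_message(raw_response)
    findings = []
    for location, name, value in request_params(raw_request):
        if len(value) < MIN_REFLECT_LEN:
            continue
        offset = body.find(value)
        if offset != -1:
            findings.append({"param": name, "where": location, "value": value,
                             "offset": offset, "encoded": False})
            continue
        escaped = html.escape(value, quote=True)
        if escaped != value and escaped in body:
            findings.append({"param": name, "where": location, "value": value,
                             "offset": body.find(escaped), "encoded": True})
    return findings


def regex_check(raw_response, pattern):
    """Regular Expression Match: every match of `pattern` in the response body,
    as (offset, matched_text) pairs so each hit can become an issue marker."""
    _, _, body = split_message(raw_response)
    return [(m.start(), m.group(0)) for m in re.finditer(pattern, body)]


# Constructed sample traffic for the demonstration; not captured from any site.
SAMPLE_REQUEST = (
    "POST /search?q=foundstone&page=1 HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "name=Ch<ris&ref=ABCD1234"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>Results for foundstone, page 1. "
    "Hello Ch&lt;ris. Your ref ABCD1234 and NI number AB123456C are on file."
    "</body></html>"
)

if __name__ == "__main__":
    for f in reflection_check(SAMPLE_REQUEST, SAMPLE_RESPONSE):
        print("reflected", f)
    for off, text in regex_check(SAMPLE_RESPONSE, NINO_PATTERN):
        print("pii match", off, text)
```

On the sample traffic, `q` and `ref` are reported as verbatim reflections, `name` is reported as an encoded reflection (the response shows `Ch&lt;ris`), `page` is dropped by the length threshold, and the regex check returns the one NI-number-shaped token. The threshold and the encoded/verbatim split are the two knobs worth tuning in practice: too low a threshold floods the issue list, and treating encoded copies like verbatim ones wastes testing time.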

This was created as a supplemental file to a blog post on: