
A Burp Suite plugin for detecting hidden XSS


Hpd0ger/SuperTags


SuperTags

A Burp Suite plugin for detecting hidden XSS. It requires a Jython environment: https://blog.csdn.net/sinat_25449961/article/details/77374407

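While hunting for vulnerabilities for SRC programs, I found many cases where parameters are echoed back into the HTML, but often inside non-visible tags, which makes them easy to overlook.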

How it Works

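The plugin automatically listens to HTTP requests. It collects parameters including, but not limited to, GET, cookie and Referer values, and checks whether any tag in the response contains one of those values.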
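The check described above, sketched with the Python standard library as an added example; it is not the plugin's own code. The function names, the `MIN_LEN` threshold, the set of tags treated as non-visible and the sample request/response are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl
from http.cookies import SimpleCookie

MIN_LEN = 4  # assumption: skip very short values, they match almost anything

def collect_inputs(url, headers):
    """Gather (source, name, value) from the query string, Cookie and Referer."""
    inputs = [("get", k, v) for k, v in parse_qsl(urlsplit(url).query)]
    cookie = SimpleCookie()
    cookie.load(headers.get("Cookie", ""))
    inputs += [("cookie", k, m.value) for k, m in cookie.items()]
    if headers.get("Referer"):
        inputs.append(("header", "Referer", headers["Referer"]))
    return [i for i in inputs if len(i[2]) >= MIN_LEN]

class ReflectionFinder(HTMLParser):
    """Records every tag attribute whose value contains a request input."""
    def __init__(self, inputs):
        super().__init__(convert_charrefs=True)
        self.inputs, self.hits = inputs, []

    def handle_starttag(self, tag, attrs):
        # Assumption: <meta>, <link> and type="hidden" count as non-visible tags.
        hidden = tag in ("meta", "link") or dict(attrs).get("type") == "hidden"
        for attr, val in attrs:
            for source, name, value in self.inputs:
                if val and value in val:
                    self.hits.append((source, name, tag, attr, hidden))

def find_reflections(url, headers, body):
    """Return (source, param, tag, attribute, non_visible) for each reflection."""
    finder = ReflectionFinder(collect_inputs(url, headers))
    finder.feed(body)
    return finder.hits

# Constructed sample request and response, for illustration only.
SAMPLE_URL = "http://app.example/search?test=zq7marker&page=1"
SAMPLE_HEADERS = {"Cookie": "lang=en-US-x", "Referer": "http://app.example/home"}
SAMPLE_BODY = """<html><head><meta name="kw" content="zq7marker"></head>
<body><input type="hidden" name="ret" value="http://app.example/home">
<a href="/?l=en-US-x">home</a><p>zq7marker</p></body></html>"""

if __name__ == "__main__":
    for hit in find_reflections(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY):
        print(hit)
```

Reflections in visible text (the `<p>` element in the sample) are deliberately not reported; only values that land inside tag attributes are, since those are the ones that go unnoticed when reviewing a rendered page.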

Demo

As you can see, the test parameter is exploitable; the results are shown in Output.
