Skip to content

whoishacked/burp_xss_restriction_bypass_checker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
xss_filter_bypass.py
xss_filter_bypass.py
 
 

Repository files navigation

XSS Restriction bypass checker

Description

Extension for PortSwigger Burp Suite which check and bypass XSS filters. This project was a part of Digital Security's Penetration Testing department internship "Summer of Hack 2022".

Installation

  1. Clone the repository:
git clone https://github.com/whoishacked/burp_xss_restriction_bypass_checker.git

  1. Download Jython

  2. Open Burp Suite Extender->Options tab and set Jython file location in Python Environment

  3. Open Burp Suite Extender->Extensions tab and add the xss_filter_bypass.py extension.

  4. This extension uses Burp Exceptions for throwing exceptions in Python. You also need to install it using manual.

Usage

You can use payloads in Repeater. Just right-click, select payload in Extensions->XSS Filter Bypass, send request and check response. Also, you can insert any payload in the {XSS} tag, for example: {XSS}this_is_my_payload{XSS}. If payload works - you will see the message in the response window: <!-- {XSS} -->.

Technologies

  • Python
  • Jython
  • Burp Exceptions
  • Burp Suite API

Authors

Andrew Kutuzov:

  • Telegram: @andrewkutuzov

About

XSS filter bypass extension for PortSwigger Burp Suite.

Topics

python python-script xss xss-vulnerability burp xss-scanner xss-exploitation jython xss-attacks burp-plugin burpsuite burp-extensions summer-of-hack

Resources

Readme

License

MIT license
Activity

Stars

8 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages