Tag Archives: cross-site scripting

Introducing Burp Correlator!

This one is for you web penetration testers!  This new Burp extension is designed to help with efficiency when you are testing a complex application full of parameters or a series of applications and just do not have enough time to thoroughly analyze each one.  It analyzes all the parameters in your in-scope traffic and presents them in a table.  But that’s just the start!  In addition to generating some basic statistics, it will intelligently attempt to determine the format of each parameter based on the values seen in the traffic.  Correlator will automatically and recursively base64 and URL decode, check for known hash lengths (e.g. MD5, SHA1, etc…), make note of familiar formats (e.g. 123-45-6789), decode BigIP cookies, and more!  It will also check to see if the value shows up in the response (i.e. was it reflected), and even whether the URL decoded version was.
It is a lot easier to explain how this works with a demonstration, so I made a video:

I’m very hopeful that this extension will make large-scale manual web penetration testing more palatable and significantly more efficient.  But I need help! Please check it out and give me all your feedback so I can make it even better.

Look for the Correlator (beta) download link on http://burpco2.com.

Jason Gillam is a Senior Security Consultant with Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at jgillam@secureideas.com, on Twitter @JGillam, or visit the Secure Ideas – ProfessionallyEvil site for services provided.

Don’t Forget the Little Things!

On January 31st, Deusen disclosed what was described as a Same Origin Policy Bypass flaw called “Universal XSS (U-XSS)” in IE 9 through 11 on Full Disclosure.  This zero-day is another reminder of why a “Defense in Depth” strategy is so important, even within web applications.  That’s because this particular flaw has to do with… Continue Reading

We Can’t Rely on the Browser for Protection

 A large part of doing security consulting is providing proper mitigations and recommendations to our clients.  Sure, the testing is the exciting part, but it is the recommendations that are going to have the greatest impact on our client’s security.  It is our goal to help make the security posture better, not set a record… Continue Reading