- Script to detect DOM XSS
  - The link to the extension does not work anymore.
  - Searching for ESLint + Burp on Twitter gets us a series of tweets by David Rook from 2015:
  - It seems he created an extension but never continued or released it.
- How to detect JS in responses
  - Some ideas, including the `isScript` check from DetectDynamicJS:
```python
def isScript(self, requestResponse):
    """Determine if the response is a script"""
    try:
        response = requestResponse.getResponse()
    except Exception:
        return False
    if not self.hasBody(response):
        return False
    responseInfo = self._helpers.analyzeResponse(response)
    body = response.tostring()[responseInfo.getBodyOffset():]
    first_char = body[0:1]
    # Burp reports MIME types as short names such as "script", "HTML", "JSON";
    # split on ';' so a trailing charset does not break the membership test.
    mimeType = responseInfo.getStatedMimeType().split(';')
    inferredMimeType = responseInfo.getInferredMimeType().split(';')
    # self.ichars holds leading characters that rule out a script body
    # (e.g. the opener of an HTML or JSON document).
    return (first_char not in self.ichars and
            ("script" in mimeType or
             "script" in inferredMimeType or
             self.hasScriptFileEnding(requestResponse) or
             self.hasScriptContentType(response)))
```
  - By extension, check for:
    - Why JSON? For maps?
    - What about JS source maps? What are their extensions?
    - Any other extensions?
    - Framework-specific extensions.
    - Add more.
    - How can we extract JS source maps and get the JS files?
      - What are JS source maps?
      - What is their structure?
  - By MIME type:
    - IResponseInfo.getStatedMimeType: https://portswigger.net/burp/extender/api/burp/IResponseInfo.html#getStatedMimeType()
    - IResponseInfo.getInferredMimeType: https://portswigger.net/burp/extender/api/burp/IResponseInfo.html#getInferredMimeType()
    - Anything else?
  - What about scripts inside the response (similar to what Burp does)?
    - Regex for
  - Where else can we have embedded scripts?
    - Regex for
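The discovery questions above (extension, MIME type, embedded scripts, source maps) worked through as one added example. This is standalone CPython 3 code written for these notes, not DetectDynamicJS or any Burp extension code; the extension list, the body-sniffing heuristic, the regexes and the sample HTML, JS and map are all constructed assumptions. In Jython 2.7 `urllib.parse` would need to become `urlparse`.

```python
"""Added example: find JavaScript in HTTP responses and unpack source maps.

Not part of DetectDynamicJS or any Burp extension; heuristics are assumptions.
"""
import json
import re
from urllib.parse import urlparse

# Extensions that normally carry script (assumed list; extend per framework).
SCRIPT_EXTENSIONS = (".js", ".mjs", ".cjs", ".jsx", ".ts", ".tsx")
SOURCE_MAP_EXTENSIONS = (".map",)

SCRIPT_TAG_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
SRC_ATTR_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
# Inline event handlers such as onload="..." (heuristic; may also catch attributes like one="x").
EVENT_HANDLER_RE = re.compile(r"""(?<=\s)on[a-z]+\s*=\s*(?:"([^"]*)"|'([^']*)')""", re.I)
JS_URL_RE = re.compile(r"""(?:href|src|action)\s*=\s*["']?\s*javascript:([^"'>]+)""", re.I)
# Both the current "//#" and the older "//@" sourceMappingURL comment forms.
SOURCE_MAP_URL_RE = re.compile(r"^\s*//[#@]\s*sourceMappingURL=(\S+)\s*$", re.M)


def _content_type(headers):
    return next((v for k, v in headers.items() if k.lower() == "content-type"), "").lower()


def looks_like_js(body):
    """Assumed body sniff: reject HTML/JSON openers, then require a JS keyword early on."""
    head = body.lstrip()[:512]
    if not head or head[0] in "<{[":
        return False
    return re.search(r"\b(function|var|let|const|document|window)\b", head) is not None


def is_script_response(url, headers, body):
    """Classify a response as script by URL extension, stated MIME type, or body sniffing."""
    if urlparse(url).path.lower().endswith(SCRIPT_EXTENSIONS):
        return True
    ctype = _content_type(headers)
    if "javascript" in ctype or "ecmascript" in ctype:
        return True
    return looks_like_js(body)


def is_source_map(url, body):
    """A source map is JSON (hence the JSON MIME type) with "version": 3 and a .map extension."""
    if not urlparse(url).path.lower().endswith(SOURCE_MAP_EXTENSIONS):
        return False
    try:
        obj = json.loads(body)
    except ValueError:
        return False
    return isinstance(obj, dict) and obj.get("version") == 3


def extract_embedded_scripts(html):
    """Pull inline <script> bodies, external src URLs, event handlers and javascript: URLs."""
    found = {"inline": [], "external": [], "handlers": [], "js_urls": []}
    for attrs, code in SCRIPT_TAG_RE.findall(html):
        src = SRC_ATTR_RE.search(attrs)
        if src:
            found["external"].append(src.group(1))
        elif code.strip():
            found["inline"].append(code.strip())
    for dq, sq in EVENT_HANDLER_RE.findall(html):
        found["handlers"].append(dq or sq)
    found["js_urls"].extend(m.strip() for m in JS_URL_RE.findall(html))
    return found


def find_source_map_url(js):
    """Return the sourceMappingURL referenced by a JS file, or None."""
    m = SOURCE_MAP_URL_RE.search(js)
    return m.group(1) if m else None


def unpack_source_map(map_text):
    """Return {source path: original content} from a v3 map that embeds sourcesContent.

    Maps without sourcesContent only name the files (fetch them separately);
    indexed maps with a "sections" key are not handled here.
    """
    sm = json.loads(map_text)
    contents = sm.get("sourcesContent") or []
    root = sm.get("sourceRoot", "")
    files = {}
    for i, src in enumerate(sm.get("sources", [])):
        if i < len(contents) and contents[i] is not None:
            files[root + src] = contents[i]
    return files


# Constructed sample inputs (not captured from any real site).
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script type="text/javascript">
  var q = location.hash.slice(1);
  document.getElementById("out").innerHTML = q;
</script></head>
<body onload="init()"><a href="javascript:void(0)">x</a></body></html>"""
SAMPLE_JS = "var app=function(){};\n//# sourceMappingURL=app.js.map\n"
SAMPLE_MAP = json.dumps({
    "version": 3, "file": "app.js", "sourceRoot": "webpack:///",
    "sources": ["src/index.js", "src/util.js"],
    "sourcesContent": ["export const x = 1;\n", "export function u() {}\n"],
    "names": [], "mappings": "AAAA",
})

if __name__ == "__main__":
    print(extract_embedded_scripts(SAMPLE_HTML))
    print(find_source_map_url(SAMPLE_JS), list(unpack_source_map(SAMPLE_MAP)))
```

Each inline body, handler and unpacked source file is a unit that can be handed to ESLint on its own; the unpacked originals from a map are far more readable for a linter than the bundled output.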
- How to create a Burp extension UI in Python
  - Lots of examples for Burp extensions in Java.
  - Only a few in Python.
  - Read those and learn.
  - Make a blog post about it.
- Embedding JS in Python?
- Handling large files?
  - Beautifying and linting them will consume a lot of RAM. Let's assume we will run node with 4 GB of RAM.
  - Do we have a size limit? That works for the PoC but not in action.
  - Split the files into chunks?
    - Works if we are using a map that has separate JS files?
    - For big files, use a parser and make chunks at the end of self-contained blocks?
      - How do we figure this out?
  - Drop standard stuff that we can recognize as third-party.
- Performance issues
  - Both ESLint and the beautifier are slow on large files and use a lot of RAM.
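One way to do the chunking from the "Handling large files" notes so that the slow ESLint/beautifier step from the "Performance issues" note only ever sees pieces that end on a self-contained top-level block, written as an added example for these notes (not DetectDynamicJS code). Instead of a full parser it uses a small scanner that tracks bracket depth plus string and comment state; regex literals are not recognised, the keyword list after a closing brace and the library banner regex are assumptions, and the sample bundle is constructed.

```python
"""Added example: split a large JS file into chunks at top-level statement boundaries.

Standalone CPython 3 code for these notes; not part of any Burp extension.
Limitation (assumed): regex literals are not recognised, so a "/.../" containing
quotes or braces can confuse the scanner.
"""
import re

# After a depth-0 "}", these tokens mean the statement is not over yet (assumed list).
CONTINUES_AFTER_BRACE = (";", ",", ")", ".", "[", "(", "else", "catch", "finally", "while")

# Banner comments of common third-party bundles (assumed, name-based heuristic; a hash
# allow-list of known library builds would be the more reliable check).
LIBRARY_BANNER_RE = re.compile(
    r"/\*!?\s*(?:jQuery|lodash|underscore|Bootstrap|React|Angular|Vue|Moment)\b", re.I)


def _continues(js, i):
    """True if the text at position i (after spaces/tabs) continues the current statement."""
    k = i
    while k < len(js) and js[k] in " \t":
        k += 1
    return any(js.startswith(tok, k) for tok in CONTINUES_AFTER_BRACE)


def split_top_level(js):
    """Split JS source into top-level statements; "".join(result) == js always holds."""
    pieces, start, depth, i, n = [], 0, 0, 0, len(js)
    while i < n:
        c = js[i]
        nxt = js[i + 1] if i + 1 < n else ""
        if c == "/" and nxt == "/":            # line comment: skip to end of line
            j = js.find("\n", i)
            i = n if j == -1 else j
            continue
        if c == "/" and nxt == "*":            # block comment: skip to closing */
            j = js.find("*/", i + 2)
            i = n if j == -1 else j + 2
            continue
        if c in "\"'`":                        # string or template literal, honouring escapes
            j = i + 1
            while j < n and js[j] != c:
                j += 2 if js[j] == "\\" else 1
            i = j + 1
            continue
        if c in "{([":
            depth += 1
        elif c in "})]":
            depth -= 1
        i += 1
        # A ";" at depth 0, or a "}" at depth 0 not followed by a continuation, ends a statement.
        if depth == 0 and (c == ";" or (c == "}" and not _continues(js, i))):
            pieces.append(js[start:i])
            start = i
    rest = js[start:]
    if rest:
        if rest.strip() or not pieces:
            pieces.append(rest)
        else:
            pieces[-1] += rest                 # keep trailing whitespace attached to the last piece
    return pieces


def chunk_js(js, max_bytes):
    """Group consecutive top-level statements into chunks of at most max_bytes.

    A single statement larger than max_bytes becomes its own chunk, so a
    function body is never cut in the middle.
    """
    chunks, cur = [], ""
    for stmt in split_top_level(js):
        if cur and len(cur) + len(stmt) > max_bytes:
            chunks.append(cur)
            cur = ""
        cur += stmt
    if cur:
        chunks.append(cur)
    return chunks


def looks_third_party(js):
    """Heuristic: a known library banner in the file head marks it as third-party code to skip."""
    return LIBRARY_BANNER_RE.search(js[:4096]) is not None


# Constructed sample bundle exercising braces in strings, comments and a template literal.
SAMPLE_BUNDLE = (
    'var a = {x: 1};\n'
    'function f() {\n'
    '  if (a.x) { return "};"; } else { return 0; }\n'
    '}\n'
    '// done; not a split\n'
    'const b = `t${a.x}`;\n'
)

if __name__ == "__main__":
    for num, chunk in enumerate(chunk_js(SAMPLE_BUNDLE, 40), 1):
        print("chunk %d (%d bytes): %r" % (num, len(chunk), chunk))
```

Each chunk can be written to a temporary file and linted separately, keeping node's working set bounded; skipping files where `looks_third_party` fires removes the largest bundles before they reach the linter.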