dptsec/burpjsluice
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7 Commits 1 Branch 0 Tags
master
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
dpt f5ecf5391a Update README.md
2023-07-31 15:50:18 -05:00
assets
Initial commit
2023-07-31 10:52:38 -05:00
gradle/wrapper
Initial commit
2023-07-31 10:45:40 -05:00
src/main/kotlin/com/dptsec/burpjsluice
switched to kotlin coroutines
2023-07-31 15:47:12 -05:00
build.gradle.kts
switched to kotlin coroutines
2023-07-31 15:47:12 -05:00
gradle.properties
Initial commit
2023-07-31 10:45:40 -05:00
gradlew
Initial commit
2023-07-31 10:45:40 -05:00
gradlew.bat
Initial commit
2023-07-31 10:45:40 -05:00
README.md
Update README.md
2023-07-31 15:50:18 -05:00
settings.gradle.kts
Initial commit
2023-07-31 10:45:40 -05:00

README.md

burpjsluice

Burp Suite extension for jsluice tool by tomnomnom

https://github.com/BishopFox/jsluice

How it works

The extension analyzes proxy responses and identifies in-scope scripts, then writes the contents to a temporary file and executes jsluice urls [...].

A limited number of coroutines are used to ensure moderate CPU usage. Findings are then displayed in a table in the BurpJsluice tab, which can be filtered via regex. All findings can be exported as CSV, copied to the clipboard, and sent to Repeater.

This has only been tested on Linux.

Screenshot

plot

References

https://bishopfox.com/blog/power-pen-tests-with-montoya-api

https://github.com/PortSwigger/additional-cors-checks/

https://bishopfox.com/blog/jsluice-javascript-technical-deep-dive

Description
No description provided
Readme 232 KiB
Languages
Kotlin 100%