Skip to content

technotame/dangerous-methods

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

117 Commits
docs
docs
 
 
screenshots
screenshots
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
dangerous-methods.py
dangerous-methods.py
 
 

Repository files navigation

Dangerous Methods

A Burp Suite Professional extension for finding the use of potentially dangerous methods/functions in Javascript, jQuery, AngularJS, and others.

  • Passive scanner checks create informational issues in Burp Suite
  • Powered by regular expressions
  • Written in Python
  • Requires Jython 2.7+
  • 22 checks across 5 frameworks/languages
  • Pull requests welcome!

Screenshots

[Example Issue]

Todo

  • Collect references
  • Make regexes longer/more robust/more accurate
    • Determine valid identifier regex to precede JS methods
    • Prefer false positives over false negatives
  • Rework issue details and references
  • Add new dangerous methods
    • Look into templating languages
  • Add extension information to registerExtenderCallbacks output
  • Possibly load regexes/references from file?
  • Write better/more realistic test app
    • Reformat HTML to show what tests apply to which issues
  • Send output properly
  • Find out if Burp Pro is needed
  • Throw exceptions where needed
  • Add screenshots

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages