Script to Filter Out Email Addresses in Responses and Highlight Them if Found and another Script to Filter and Highlight Requests Using Deprecated HTTP Methods and another script to Highlight Responses With Developer Notes And another script to Highlight Suspicious JavaScript Functions #30
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Update README file
fix the link
The script is designed to efficiently parse through response data to identify and filter out email addresses. It begins by establishing a set of ignored file extensions, ensuring that the script does not process irrelevant response types such as images or multimedia files. The core functionality revolves around a regular expression that is meticulously crafted to detect email addresses within the response body, excluding specific file formats in the domain part of the email to enhance accuracy.
|
Poc |
This code targets HTTP requests that use deprecated or less common methods, such as TRACE and CONNECT. These methods are often overlooked but can be exploited in certain types of network attacks. When such a request is detected, the script highlights it in red within the Burp Suite interface, making it easy for security analysts to spot and investigate these potentially risky requests.
BugBountyzip
changed the title
BugBountyzip
changed the title
* This script identifies and highlights HTTP responses containing developer notes in HTML, JavaScript, or other files. * It differentiates the types of files and highlights them accordingly: green for HTML, yellow for JavaScript, and blue for other types.
BugBountyzip
changed the title
|
Dear team @Hannah-PortSwigger , @ibz-odumade-portswigger , @ps-porpoise , @PortSwiggerWiener
|
This script is designed to enhance security assessments by identifying potentially hazardous JavaScript functions in web applications. It meticulously scans HTTP responses with a Content-Type of application/javascript and flags responses containing functions like eval(), setTimeout(), and document.write().. The script highlights such responses in red, drawing immediate attention, and adds concise notes specifying the detected functions.
BugBountyzip
changed the title
|
Script to Detect and Highlight Suspicious JavaScript Functions has been Added+ Poc:
|
|
Hey @BugBountyzip, thanks for your submissions. We'd prefer if you create a pull request for each individual bambda as it will help speed up our review process. Would you be able to split these out please? That being said, these submissions looks great, we'll get back to you with a few suggestions soon. :) |
|
Hello @ps-porpoise , Thanks for your feedback. Almost done |
|
Almost done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bambda Contributions
@authorannotation and suitable description