forked from luh2/DetectDynamicJS
-
Notifications
You must be signed in to change notification settings - Fork 0
/
BappDescription.html
executable file
·9 lines (7 loc) · 1.03 KB
/
BappDescription.html
1
2
3
4
5
6
7
8
9
<p>This extension compares JavaScript files with each other to detect dynamically generated content and content that is only accessible when the user is authenticated. This occasionally contains not only code but also <em>data</em> with user or session information. User/session information can then be checked for potential leakage. This extension is supposed to help hunting for exploitable situations.</p>
<br>
<p>To trigger the extension, simply launch a passive scan of your JavaScript files that you have requested as authenticated user. Despite being a passive scan, the extension will generate one or sometimes two request per script without cookies to get the non-authenticated version of the script.</p>
<p>If the same script is found to contain differing content, the extension will report an issue in the Target tab. </p>
<br>
Requires Jython 2.7 and difflib.
<p>More information about Dynamically Generated JavaScript and hunting for related bugs can be found on the project page: https://github.com/luh2/DetectDynamicJS</p>