Professional Community
This is a Burp Suite extension to help Burp know where to look during scanning.
What is it and what is it for?
This extension was created with Single Page Applications (SPAs) in mind, to try and reduce the amount of manual testing needed, especially when the application has an API that interacts with JavaScript
Usage
Look Over There is a simple bit of code, and at its most simple, you give it a trigger URI and a target URI. When the trigger URI is observed the extension inserts an HTTP 302 status code and a Location header to the target URI. This then means that Burp will (if it deems it necessary) follow the HTTP redirection and in doing so, should be able to see any successful attack results.
The extension is designed to be configurable in the following ways
As a precaution, the extension will only operate against requests made by appropriate Burp Suite tools. It won't do anything if the request is triggered by the Proxy / Spider / Sequencer (or Decoder / Comparer).
Author |
Author
Felix Ryan |
---|---|
Version |
Version
1.0 |
Rating |
Rating |
Popularity |
Popularity |
Last updated |
Last updated
01 March 2023 |
Estimated system impact |
Estimated system impact
Overall impact: Low
Memory
Low
CPU
Low
General
Low
Scanner
Low
|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|
You can view the source code for all BApp Store extensions on our GitHub page. |
|
Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates. |
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.