burp_bug_finder – Burpsuite Automatic Bug Finder Plugin


burp_bug_finder – A Burpsuite Automatic Bug Finder plugin.

burp_bug_finder is a custom Burp Suite plugin (written in Python) that makes it easier to discover web vulnerabilities. This version focuses only on XSS and error-based SQLi. There is no need to manually send XSS payloads, for either reflected or stored XSS; you just need to browse to the pages where you want to check for XSS or error-based SQL injection.


How to install

1. Install Jython and include it in the Extender tab. The latest version (2.7.3) at the time of writing can be downloaded here

2. Set the Jython installation in the Python environment under Extender > Options > Python Environment.


3. Download burp_bug_finder.py from this repository and add it as an extension.

How it works

burp_bug_finder captures all requests sent through the proxy and resends them, modifying every parameter (including cookies) with XSS and SQLi payloads. Each response is then checked for the XSS payload and for SQL error messages.
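The response check described above can be sketched as follows. This is an added example, not code from burp_bug_finder: the marker, the error signature set and all function names are assumptions made for illustration, and it runs under Python 3 rather than Jython. It also shows why a page that HTML-encodes its output comes back clean.

```python
import html
import re

# Constructed canary (not a plugin payload): harmless and unique, and it
# contains < and >, which HTML output encoding must transform.
MARKER = "<bbf-canary-7f3a>"

# Small illustrative set of well-known database error fragments
# (assumption: the plugin's own signature list is not shown on the page).
SQL_ERROR_PATTERNS = {
    "MySQL": re.compile(r"You have an error in your SQL syntax", re.I),
    "PostgreSQL": re.compile(r"syntax error at or near", re.I),
    "MSSQL": re.compile(r"Unclosed quotation mark after the character string", re.I),
    "Oracle": re.compile(r"ORA-\d{5}"),
}

def classify_reflection(body, marker=MARKER):
    """Return 'raw', 'encoded' or 'absent' for how the marker appears in body."""
    if marker in body:
        return "raw"        # reflected without output encoding: worth a log entry
    if html.escape(marker) in body:
        return "encoded"    # reflected, but neutralised by HTML encoding
    return "absent"

def find_sql_errors(body):
    """Return the sorted engine names whose error text leaks into body."""
    return sorted(name for name, rx in SQL_ERROR_PATTERNS.items() if rx.search(body))

def analyse(body):
    """Combine both checks into one finding record, as a log row might hold."""
    return {"reflection": classify_reflection(body), "sql_errors": find_sql_errors(body)}

# Constructed sample responses, embedded so the example runs offline.
VULNERABLE_PAGE = "<p>Results for " + MARKER + "</p>"
HARDENED_PAGE = "<p>Results for " + html.escape(MARKER) + "</p>"
ERROR_PAGE = "<b>Warning</b>: You have an error in your SQL syntax; check the manual"

if __name__ == "__main__":
    for name, page in [("vulnerable", VULNERABLE_PAGE),
                       ("hardened", HARDENED_PAGE),
                       ("error", ERROR_PAGE)]:
        print(name, analyse(page))
```

A "raw" result or a non-empty `sql_errors` list is a candidate for manual review, not a confirmed vulnerability: the context in which the value is reflected still decides whether it is exploitable.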

You have to add the website to be processed to the target scope.


If the payload pattern is found in the response, a log is added in the tab named BurpBugFinder and .


If you’re using Burp Suite Pro, you will get an issue alert in the Dashboard tab.


NB: Since every request sent is tweaked, kindly enable the extension only when you want to check for bugs.

Download Bug Finder
