GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → physics-sec → DetectCrossOriginMessaging

physics-sec / DetectCrossOriginMessaging

Licence: other
This Burp extension helps you to find usages of postMessage and recvMessage

Programming Languages

python
139335 projects - #7 most used programming language

Labels

postmessageburpsuiteburp-extensions

Projects that are alternatives of or similar to DetectCrossOriginMessaging

TurboDataMiner
The objective of this Burp Suite extension is the flexible and dynamic extraction, correlation, and structured presentation of information from the Burp Suite project as well as the flexible and dynamic on-the-fly modification of outgoing or incoming HTTP requests using Python scripts. Thus, Turbo Data Miner shall aid in gaining a better and fas…
Stars: ✭ 46 (+283.33%)
Mutual labels:  burpsuite, burp-extensions
Headless Burp
Automate security tests using Burp Suite.
Stars: ✭ 192 (+1500%)
Mutual labels:  burpsuite, burp-extensions
Burp Molly Pack
Security checks pack for Burp Suite
Stars: ✭ 123 (+925%)
Mutual labels:  burpsuite, burp-extensions
burp-copy-as-ffuf
Burp Extension that copies a request and builds a FFUF skeleton
Stars: ✭ 77 (+541.67%)
Mutual labels:  burpsuite, burp-extensions
burp-flow
Extension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.
Stars: ✭ 45 (+275%)
Mutual labels:  burpsuite, burp-extensions
Swurg
Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 94 (+683.33%)
Mutual labels:  burpsuite, burp-extensions
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (+1250%)
Mutual labels:  burpsuite, burp-extensions
Burpbounty
Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through a very intuitive graphical interface.
Stars: ✭ 1,026 (+8450%)
Mutual labels:  burpsuite, burp-extensions
burp-token-rewrite
Burp extension for automated handling of CSRF tokens
Stars: ✭ 15 (+25%)
Mutual labels:  burpsuite, burp-extensions
burp-wildcard
Burp extension intended to compact Burp extension tabs by hijacking them to own tab.
Stars: ✭ 119 (+891.67%)
Mutual labels:  burpsuite, burp-extensions
Cstc
CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
Stars: ✭ 91 (+658.33%)
Mutual labels:  burpsuite, burp-extensions
SQLi-Query-Tampering
SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Stars: ✭ 123 (+925%)
Mutual labels:  burpsuite, burp-extensions
Burpsuite Collections
BurpSuite收集:包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程,欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+8908.33%)
Mutual labels:  burpsuite, burp-extensions
Burp Exporter
Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions.
Stars: ✭ 122 (+916.67%)
Mutual labels:  burpsuite, burp-extensions
Burp Suite Error Message Checks
Burp Suite extension to passively scan for applications revealing server error messages
Stars: ✭ 45 (+275%)
Mutual labels:  burpsuite, burp-extensions
Burpsuite Xkeys
A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Stars: ✭ 144 (+1100%)
Mutual labels:  burpsuite, burp-extensions
Hackbar
HackBar plugin for Burpsuite
Stars: ✭ 917 (+7541.67%)
Mutual labels:  burpsuite, burp-extensions
Burp Suite Software Version Checks
Burp extension to passively scan for applications revealing software version numbers
Stars: ✭ 29 (+141.67%)
Mutual labels:  burpsuite, burp-extensions
Pwnback
Burp Extender plugin that generates a sitemap of a website using Wayback Machine
Stars: ✭ 203 (+1591.67%)
Mutual labels:  burpsuite, burp-extensions
burp-suite-utils
Utilities for creating Burp Suite Extensions.
Stars: ✭ 19 (+58.33%)
Mutual labels:  burpsuite, burp-extensions
View All Similar Projects ➔

DetectCrossOriginMessaging

About Cross origin messaging

PostMessage allows an object or string to be sent to another window or frame using JavaScript. The recipient window can either ignore the message or processes it with a function defined by the developer. Whilst no security or validation is provided out of the box, the inbound message event contains an “origin” property that can be used to validate the sending origin.

Cross-Origin communication via postMessage introduces a tainted data source that is difficult to identify using currently available tools.

In many cases, vulnerable code is introduced via third party libraries and therefore may undermine the security of an otherwise secure application.

If used carelessly, cross origin messaging can lead to DOM XSS and/or information leak.

Common security vulnerabilities

DOM XSS

HTML5 postMessage introduces a new taint source in the form of the message payload (event.data). A DOM based XSS vulnerability occurs when the payload of a message event is handled in an unsafe way.

Common sinks:

  • document.write(input)
  • element.innerHTML = input
  • location = input
  • window.open(input)
  • $(input)
  • eval(input)
  • ScriptElement.src = input
  • ScriptElement.text = input

Broken origin validation:

Sometimes, regex are used to validate the origin domain.

If you encounter this types of checks, look for:

Information Leak

An information leak occurs when a page sends a postMessage to an attacker controlled domain.

This can happen in a number of ways, for example, the pages assumes that is being iframed by a trusted domain, and sends the message to the parent element.

window.parent.postMessage(sensitiveData, "*");

All the attacker would need to do, is iframe the vulnerable page and receive the message.

About this extension

This is a Burp extension which helps you find usages of cross origin messaging so that you can investigate the implementation closely and determine if it is secure or not.

alt text

Wiki

Check the wiki for examples of PoC exploits for several common scenarios.

More information

To learn more about this type of vulnerability, I highly recommend reading this amazing paper.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].