GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → LinkedInAttic → sometime

LinkedInAttic / sometime

Licence: other
A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities

Programming Languages

java
68154 projects - #9 most used programming language

#SOMEtime

SOMEtime is a passive plugin for the security scanner BurpSuite which will monitor HTTP Request and Responses to determine if a webpage is vulnerable to Same Origin Method Execution.

For more details on Same Origin Method Execution see Ben Hayak's talk or our post on LinkedIn

##How To Use - Burp Pro Passive Scanner Plugin

  1. Clone the repository
  2. Build the code with Maven
$ mvn compile && mvn package
  1. Load Burp Suite Professional
  2. From the Extender tab in Burp Suite, add sometime-0.0.1-SNAPSHOT-jar-with-dependencies.jar as a standard Java-based Burp Extension
  3. Enable Burp Scanner Passive Scanning
  4. Browse your target web application. All requests and responses will be tested for Same Origin Method Execution

##Example There is a directory included in this repository containing proof-of-concept code which showcases the vulnerability. To see the vulnerability, first add 'attacker.com' and 'victim.com' to point to your webserver in '/etc/hosts'. Then, navigate to 'main.html' where the exploit should run. If all works correctly, then there should be an alert pop-up on victim.com, displaying Javascript execution.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].