This Burp Suite extension finds reflected XSS on a page in real time while you browse the web site, and includes the following features:
- Highlighting of the reflection in the response tab.
- Testing which symbols are allowed in the reflection.
- Analysis of the reflection context.
- Content-Type whitelist.
How to use
After installing the plugin you just need to start working with the web application under test. Every time a reflection is found, Reflector determines the severity and generates a Burp issue.
Each Burp issue includes detailed information about the reflected parameter, such as:
- Symbols that are allowed in this reflection.
- Highlighting of the reflected value in the response.
- Reflection context analysis.
Allowed symbols analysis
Context analysis
- Reflection with the following characters: ', ", < – here the double quote allows exiting the current context and writing HTML code.
- Reflection with the following characters: ", < – here the angle bracket allows injecting HTML tags.
- Reflection with the following characters: ', ", < – here the single quote allows exiting the JS variable context and writing malicious code.
In the issue information this is marked as:
- Context char – the character that allows breaking the syntax.
- Other chars – other characters that are reflected unencoded but do not break the context.
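The two analyses described above (which probe symbols come back unencoded, and in which syntactic context the value lands) can be illustrated with a small offline checker. The code below is an added example written for this README; it is not Reflector's own code and does not use the Burp API. It assumes a probe value built from the characters `< > " '` between two constructed markers (the `>` is an addition; the page only names `'`, `"` and `<`), a naive context classifier that handles HTML text, quoted/unquoted attributes and quoted JS strings, and a severity mapping (High when the context char survives, Low otherwise) that is an assumption rather than the plugin's rule. The server response is a constructed stand-in that reflects the same value in three places with different output encoding, which is exactly the situation the "Context char" / "Other chars" fields describe.

```python
import html
import re

# Probe characters whose unencoded survival lets a reflection break out of its
# surrounding syntax. The page names ' " and < as the ones that matter; adding >
# is an assumption made for this example.
PROBE_CHARS = "<>\"'"
# Constructed marker that brackets the probe so the reflection can be located.
MARKER = "zq9x"

# Assumed mapping from reflection context to the single character that breaks it
# (the "context char" of the issue). Unquoted attributes and bare JS code have no
# single breaking character in this simplified model.
CONTEXT_CHAR = {
    "html_text": "<",
    "attr_double": '"',
    "attr_single": "'",
    "attr_unquoted": None,
    "js_single": "'",
    "js_double": '"',
    "js_code": None,
}


def build_probe(marker=MARKER, chars=PROBE_CHARS):
    """Parameter value sent in aggressive mode: probe chars between two markers."""
    return f"{marker}{chars}{marker}"


def _open_quote(text):
    """Return the quote character still open at the end of text, or None.
    A backslash inside a quoted run escapes the next character."""
    quote, i = None, 0
    while i < len(text):
        c = text[i]
        if quote and c == "\\":
            i += 2
            continue
        if quote is None and c in "\"'":
            quote = c
        elif c == quote:
            quote = None
        i += 1
    return quote


def classify_context(body, offset):
    """Name the syntactic context in which body[offset:] is reflected."""
    before = body[:offset]
    lower = before.lower()
    open_script, close_script = lower.rfind("<script"), lower.rfind("</script")
    if open_script > close_script:
        # Inside a script block: the quote state of the JS seen so far decides.
        js = before[before.find(">", open_script) + 1:]
        return {"'": "js_single", '"': "js_double"}.get(_open_quote(js), "js_code")
    lt, gt = before.rfind("<"), before.rfind(">")
    if lt > gt:
        # Inside a tag: the quote state since the tag opened gives the attribute kind.
        q = _open_quote(before[lt:])
        return {"'": "attr_single", '"': "attr_double"}.get(q, "attr_unquoted")
    return "html_text"


def analyse_reflections(body, marker=MARKER, chars=PROBE_CHARS):
    """Find every reflection of the probe and report, per reflection, its context,
    the context char, whether that char survived (so the syntax can be broken),
    and the other probe chars that came back unencoded."""
    findings = []
    span = re.compile(re.escape(marker) + r"(.*?)" + re.escape(marker), re.S)
    for m in span.finditer(body):
        between = m.group(1)
        # A char counts as surviving only if it is raw (not entity-encoded) and
        # not backslash-escaped.
        survived = "".join(c for c in chars
                           if re.search(r"(?<!\\)" + re.escape(c), between))
        context = classify_context(body, m.start())
        cchar = CONTEXT_CHAR[context]
        breaks = cchar is not None and cchar in survived
        findings.append({
            "offset": m.start(),
            "context": context,
            "context_char": cchar,
            "breaks_context": breaks,
            "other_chars": "".join(c for c in survived if c != cchar),
            # Severity mapping is an assumption of this example, not the plugin's.
            "severity": "High" if breaks else "Low",
        })
    return findings


def render_sample_page(value):
    """Constructed stand-in for a server response that reflects value in three
    places, each with a different (and differently incomplete) output encoding."""
    in_text = html.escape(value, quote=True)                    # full encoding
    in_attr = value.replace("<", "&lt;").replace(">", "&gt;")  # quotes untouched
    in_js = (value.replace("\\", "\\\\").replace('"', "\\x22")
             .replace("<", "\\x3c"))                             # ' untouched
    return (
        "<html><body>\n"
        f'<input type="text" name="q" value="{in_attr}">\n'
        f"<p>You searched for {in_text}</p>\n"
        f"<script>var q = '{in_js}';</script>\n"
        "</body></html>\n"
    )


if __name__ == "__main__":
    for finding in analyse_reflections(render_sample_page(build_probe())):
        print(finding)
```

On the constructed page the attribute reflection keeps `"` and `'` (context char `"` survives, other char `'`), the text reflection keeps nothing (fully encoded, so no context break), and the JS string reflection keeps `>` and `'` (context char `'` survives, other char `>`). That is the information a Burp issue from Reflector presents as context char and other chars.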
Reflection navigation
Navigate between reflections with the arrow buttons in the response tab.
Settings
- Scope only – Reflector works only with web sites added to the scope.
- Aggressive mode – Reflector generates an additional request with a test payload.
- Check context – activates context checking mode.
You can also manage the whitelist of content types that Reflector should work with. Using types other than text/html may slow down its operation.