Passive/Active Scan Problems with Weird p4r4m* Params
Closed this issue · 2 comments
Hi,
When the extension is loaded and I run an active scan, I get results like the following in the scan results: p4r4m* parameters, which do not exist as parameters at all.
I only have EndpointsExtractor loaded as a profile (attached below), and it seems to be what is causing this. However, it is really weird, because this profile only works on passive responses, while the results I am sending you are active scan results. Since it is a passive response profile, how can it affect active scan results? Any insights?
In case you are wondering, it scans at every "/" character, so for a first line such as GET /oauth2/authorize?response_type=https://asd HTTP/1.1 it is actually scanning all of the following variants:
- GET {scans_here}
- GET /oauth2{scans_here}
- GET /oauth2/authorize?response_type=https:{scans_here}
And it is additionally super weird because I only allow scanning of URL/body parameter values in my active scan configuration.
EndpointsExtractor.bb:
[{"Name":"EndpointsExtractor","Active":true,"Scanner":2,"Author":"@GochaOqradze","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["(?:\"|\u0027)(((?:[a-zA-Z]{1,10}://|//)[^\"\u0027/]{1,}\\.[a-zA-Z]{2,}[^\"\u0027]{0,})|((?:/|\\.\\./|\\./)[^\"\u0027\u003e\u003c,;| *()(%%$^/\\\\\\[\\]][^\"\u0027\u003e\u003c,;|()]{1,})|([a-zA-Z0-9_\\-/]{1,}/[a-zA-Z0-9_\\-/]{1,}\\.(?:[a-zA-Z]{1,4}|action)(?:[\\?|/][^\"|\u0027]{0,}|))|([a-zA-Z0-9_\\-]{1,}\\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:\\?[^\"|\u0027]{0,}|)))(?:\"|\u0027)"],"Tags":["All"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":true,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":2,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"EndpointsExtractor","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"\u003cgrep\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[0],"pathDiscovery":false}]
I thought it had been deleted from the repository where I found it, maybe due to this problem; however, the owner told me that he deleted it because it also exists in this repository as: https://github.com/wagiro/BurpBounty/blob/master/profiles/EndpointsExtractor.bb
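To see what this profile actually matches, here is an added example (not part of the issue and not Burp Bounty's own code) that loads the posted EndpointsExtractor.bb, compiles its Grep regex with Python's re module and runs it over a constructed JavaScript response body. The sample body and the helper names load_greps and extract_endpoints are my own; the script assumes the Grep field is a regular expression, that "CaseSensitive": false maps to case-insensitive matching, and that ExcludeHTTP means the HTTP headers are not searched. It only shows what the grep reports on a response, not how the active scanner picks insertion points, so it does not reproduce the p4r4m* hits by itself; it is a way to check which strings the profile is supposed to flag.

```python
import json
import re

# The EndpointsExtractor.bb profile exactly as posted in the issue above.
# A .bb file is a JSON array of profile objects; this one holds a single profile.
PROFILE_JSON = r'''[{"Name":"EndpointsExtractor","Active":true,"Scanner":2,"Author":"@GochaOqradze","Payloads":[],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["(?:\"|\u0027)(((?:[a-zA-Z]{1,10}://|//)[^\"\u0027/]{1,}\\.[a-zA-Z]{2,}[^\"\u0027]{0,})|((?:/|\\.\\./|\\./)[^\"\u0027\u003e\u003c,;| *()(%%$^/\\\\\\[\\]][^\"\u0027\u003e\u003c,;|()]{1,})|([a-zA-Z0-9_\\-/]{1,}/[a-zA-Z0-9_\\-/]{1,}\\.(?:[a-zA-Z]{1,4}|action)(?:[\\?|/][^\"|\u0027]{0,}|))|([a-zA-Z0-9_\\-]{1,}\\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:\\?[^\"|\u0027]{0,}|)))(?:\"|\u0027)"],"Tags":["All"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":true,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"MatchType":2,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"EndpointsExtractor","IssueSeverity":"Information","IssueConfidence":"Firm","IssueDetail":"\u003cgrep\u003e","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[0],"pathDiscovery":false}]'''


def load_greps(profile_json):
    """Compile every Grep entry of the first profile in a .bb file.

    Assumptions (not checked against Burp Bounty's source): the Grep field is a
    regular expression, and "CaseSensitive": false means case-insensitive matching.
    Python's re module evaluates this LinkFinder-style pattern the same way
    java.util.regex does for the inputs used here.
    """
    profile = json.loads(profile_json)[0]
    flags = 0 if profile.get("CaseSensitive") else re.IGNORECASE
    return [re.compile(grep, flags) for grep in profile["Grep"]]


def extract_endpoints(body, patterns):
    """Return the quoted paths/URLs the profile's regexes pick out of a response body.

    Group 1 of the pattern is the whole endpoint without its surrounding quote
    characters. Duplicates are dropped; order of first appearance is kept.
    Only the body is searched: the headers are never handed to the regex, which
    is the simplest reading of the profile's ExcludeHTTP flag (assumed to mean
    "exclude HTTP headers").
    """
    found = []
    for pattern in patterns:
        for match in pattern.finditer(body):
            endpoint = match.group(1)
            if endpoint not in found:
                found.append(endpoint)
    return found


# Constructed sample response body (not taken from the issue): a JavaScript
# snippet with an absolute URL, a root-relative path, a dot-relative path,
# a bare filename with a query string, and a plain string that must not match.
SAMPLE_BODY = """var api = "/api/v1/users";
fetch('https://cdn.example.com/app.js');
var rel = "../config/settings.json";
var page = "admin.php?id=1";
var notPath = "hello world";
"""

if __name__ == "__main__":
    for endpoint in extract_endpoints(SAMPLE_BODY, load_greps(PROFILE_JSON)):
        print(endpoint)
```

Run as-is it prints the four endpoint strings from the sample body and nothing for "hello world"; replace SAMPLE_BODY with a saved response body to see what the profile would flag on a real target, independent of Burp's insertion-point handling.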