Skip to content

buby html comments

Jump to bottom Edit New page
cktricky edited this page Jun 3, 2011 · 2 revisions

Author(s):

Ken Johnson [CKTRICKY]

Description:

Puts the remote URL (RURL) in scope and extracts comments from any in scope site.

References:

http://blog.portswigger.net/2009/04/using-burp-extender.html

Module Options:

RURL   http://www.example.com   true       Enter the remote url value

Options Explained (Module Specific):

RURL -- The Remote URL (RURL) entered will be added to scope. Essentially this module takes any site in scope and extracts comments from responses to sent requests.

Real world example:

The target site is https://iamwaitingtobepwnedreallyhard.com and I'd like to collect the comments from the site into one file while performing my assessments, type:

set RURL https://iamwaitingtobepwnedreallyhard.com

Then navigate to jlib/wXf/wXflog/ and pick out the comments file comment_iamwaitingtobepwnedreallyhard.com.

TIP: The file will name will always be => comments_ + the host name of the RURL.

Add a custom footer
Add a custom sidebar
Clone this wiki locally