Broken Link Hijacking Burp Plugin

  • Broken Link Hijacking (BLH) is lesser known attack.there is an brief introduction & exploitation about it by EdOverFlow. by Ed

  • There is an already fully customize package for discovering BLH endpoints, but setting it up is really painful,Authentication based link validating was also an problem with it.
  • i decided to write a plugin based on following html tags,attributes

Burp Extension to discover broken links using IScannerCheck & synchronized threads.

Supports various HTML elements/attributes with regex based on following

  • Concurrently checks multiple links using defined threads.

By default it passively scans the responses with Target “Scope in” . Make sure to add the targets into the scope. (Reason: To Avoid Noise)

WHITELIST_CODES - You can add status_code's to this list for more accurate results.

ex: avoiding https redirects by adding 301, if the path,url redirects to https.

WHITELIST_PATTERN - Regex extracting pattern based on given patterns.

  1. ex: /admin.php
  2. //
  3. ../../img.src

WHITELIST_MEMES - Whitelisting MimeType to be processed for scanning patterns in responses if their Mime-Type matches.

ex: Mainly used to avoid performing regexes in gif,img,jpg,swf etc

no_of_threads - Increase no of threads , default : 15


  • 2 Ways it outputs the broken links.
  1. Broken Links which belongs to external origins.
  2. Broken Links which belongs to same origins.
  • If there are no external origin broken links then look for same origin broken links & return same origin broken links.
  • if there are external origin broken links & same origin broken links then return only external origin broken links.

OUTPUT1: External Origins

OUTPUT2: Same Origins

This plugin is based on

Security Analyst

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store