Broken Link Hijacking Burp Plugin
- Broken Link Hijacking (BLH) is a lesser-known attack: a page links to an external resource (a domain, a package, a social-media handle) that no longer exists, and whoever registers or claims it controls what the page loads or points to. EdOverFlow has written a brief introduction to discovering and exploiting it.
- A fully featured package for discovering BLH endpoints already exists, https://www.npmjs.com/package/broken-link-checker, but setting it up is painful, and validating links that require authentication was also a problem with it.
- So I decided to write a Burp plugin that extracts links from a set of HTML tags and attributes and validates them from inside Burp.
A Burp extension that discovers broken links as an IScannerCheck (passive scan) and validates them in synchronized worker threads.
Features:
- Extracts links from various HTML elements/attributes using regexes.
- Checks multiple links concurrently using a configurable number of threads.
- Customizable status codes, path patterns and MIME types:
  [STATUS_CODES|PATH-PATTERN|MIME-TYPE]
  https://github.com/arbazkiraak/BurpBLH/blob/master/blhchecker.py#L20
Usage:
By default the extension passively scans responses for targets that are in scope ("Scope in"). Make sure to add your targets to the Burp scope; otherwise responses from out-of-scope hosts only add noise.
WHITELIST_CODES
- Status codes in this list are treated as a live link and are not reported; add codes to it for more accurate results.
- ex: add 301 to avoid false positives on paths/URLs that merely redirect from http to https.
WHITELIST_PATTERN
- Regexes used to extract paths/URLs from responses; the patterns match forms such as:
- /admin.php
- //google.com/test.jpg
- ../../img.src
WHITELIST_MEMES
- Whitelist of MIME types: only responses whose Content-Type matches one of these are searched for the link patterns.
- ex: mainly used to avoid running the regexes over gif, img, jpg, swf and similar binary responses.
no_of_threads
- Number of links checked concurrently; increase it for faster scans. Default: 15.
Output
- Broken links are reported in two groups:
- Broken links that belong to external origins.
- Broken links that belong to the same origin as the scanned target.
- If there are external-origin broken links, only those are returned, since a resource on a host the target does not own is the one an attacker could take over.
- If there are no external-origin broken links, the same-origin broken links are returned instead.
OUTPUT1: External Origins
OUTPUT2: Same Origins
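As an added worked example (not the plugin's own code), the following stand-alone Python script models the pipeline described in the Usage and Output sections: regex extraction from a subset of link-bearing attributes, MIME-type gating, status-code whitelisting, resolution of `/`, `//host/` and `../` forms, same-origin versus external classification, and the external-first output rule. The tag list, the variable names and the `fetch` callback are assumptions for illustration; the sample page and its status table are constructed so the script runs offline. The real plugin runs as a Jython IScannerCheck inside Burp and issues real requests from its worker threads.

```python
import re
from urllib.parse import urljoin, urldefrag, urlsplit

# Tags/attributes scanned for links. Assumption: an illustrative subset;
# the plugin keeps its own regex list in blhchecker.py.
LINK_RE = re.compile(
    r"""<(?:a|link|script|img|iframe|source|form)\b[^>]*?\b(?:href|src|action)\s*=\s*["']([^"']+)["']""",
    re.IGNORECASE,
)

# Status codes treated as a live link (not reported). 301/302 are included so
# that a plain http -> https redirect is not flagged as broken.
WHITELIST_CODES = {200, 301, 302, 303, 307, 308}

# Only responses with one of these Content-Types are searched for links, so
# gif/jpg/swf bodies never go through the regex.
WHITELIST_MIMES = {"text/html", "application/xhtml+xml", "application/javascript"}


def extract_links(body):
    """Return every raw href/src/action value found in the body, in order."""
    return LINK_RE.findall(body)


def absolutize(base_url, raw):
    """Resolve /path, //host/path and ../relative forms against the page URL
    and drop any fragment, which the server never sees."""
    return urldefrag(urljoin(base_url, raw.strip())).url


def is_external(base_url, url):
    """Same-origin vs external is decided on the hostname: a link to a host the
    target does not own is the one an attacker could register or claim."""
    return urlsplit(url).hostname != urlsplit(base_url).hostname


def find_broken_links(base_url, content_type, body, fetch,
                      whitelist_codes=WHITELIST_CODES, whitelist_mimes=WHITELIST_MIMES):
    """One passive-scan pass over a single response.

    fetch(url) returns the HTTP status code, or None when the host does not
    resolve or the connection fails (the classic BLH case: an expired domain).
    Returns (external_broken, same_origin_broken, reported); `reported`
    follows the plugin's rule: external-origin findings if any, else same-origin.
    """
    mime = content_type.split(";")[0].strip().lower()
    if mime not in whitelist_mimes:
        return [], [], []

    external, same_origin, seen = [], [], set()
    for raw in extract_links(body):
        url = absolutize(base_url, raw)
        if url in seen:
            continue
        seen.add(url)
        status = fetch(url)          # None is never in the whitelist -> broken
        if status in whitelist_codes:
            continue
        (external if is_external(base_url, url) else same_origin).append((url, status))

    reported = external if external else same_origin
    return external, same_origin, reported


# Constructed sample input: one page on example.com and the status each of
# its links would return. No network access is needed.
SAMPLE_BASE = "https://example.com/blog/post"
SAMPLE_BODY = """
<a href="/admin.php">admin</a>
<script src="//cdn.unclaimed-example.net/lib.js"></script>
<img src="../../img.src">
<link rel="stylesheet" href="http://example.com/style.css">
<a href="https://example.com/ok">fine</a>
<a href="https://example.com/ok#top">same target, different fragment</a>
"""
SAMPLE_STATUS = {
    "https://example.com/admin.php": 404,
    "https://cdn.unclaimed-example.net/lib.js": None,  # NXDOMAIN: registrable
    "https://example.com/img.src": 200,
    "http://example.com/style.css": 301,               # http -> https, whitelisted
    "https://example.com/ok": 200,
}


def fake_fetch(url):
    """Stand-in for the real HTTP request issued by the plugin's worker threads."""
    return SAMPLE_STATUS.get(url)


if __name__ == "__main__":
    ext, same, reported = find_broken_links(
        SAMPLE_BASE, "text/html; charset=utf-8", SAMPLE_BODY, fake_fetch)
    print("external broken   :", ext)
    print("same-origin broken:", same)
    print("reported          :", reported)
```

On the sample page the script reports only the script include on `cdn.unclaimed-example.net` (host did not resolve), and the same-origin 404 on `/admin.php` is held back because an external finding exists; with `image/gif` as the Content-Type nothing is scanned at all. In a real engagement a `None` status on an external host is the finding to follow up on: check whether the domain is registrable or the account/package name is claimable before reporting it as hijackable.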
This plugin is based on https://github.com/stevenvachon/broken-link-checker