Dobin Rutishauser
The "HTML Errors" indicator sometimes appears, which means there are HTML differences. But there is no output ("Error message") in the tooltip. The indicator should only appear: - If there...
Release a new version to the Burp app store
Write a tutorial with all features (e.g. persistent XSS). Either with GIFs, or as a video.
Color the attacks in panelright. - XSS, SQL1, SQL2, Other, ... as light blue, yellow, etc. - Make color configurable in the attack selector window (see #14)
Attacks should not be selected per-parameter, but overall (also not per-request). Attacking a parameter should use the attacks specified in the overall configuration. - Selection box with: - Sentinel payloads...
Insert {} stuff
From burp release: There are new settings to enable session handling rules to be in scope for the Extender tool, and to update Burp's cookie jar based on traffic via...
- beautify: - should work correctly (also on xss) - should not de-beautify - should work on strange content, like: {"": ""}{} - diff view: - colorize
Currently FFW only supports mutation fuzzers, which are based on prerecorded data from the interceptor. It should also support generative fuzzers, which do not have prerecorded data. * Add fuzzer...
The current ASan parser https://github.com/dobin/ffw/blob/master/verifier/asanparser.py is a complete hack. Maybe someone else made a complete ASan parser in Python already? If not, make it its own project, add unit tests.