GovTech-CSG / PaddingOracleHunter

MIT License

Feature request: Padding oracle passive scan check #4

Open floyd-fuh opened 4 months ago

floyd-fuh commented 4 months ago

I think a really nice addition to this extension would be a passive scan check.

The passive scan check could go through all parameters and check if one of them is exactly a multiple of the most common block size (16) in hex or base64, then add an informational issue in Burp that this parameter should be checked for padding oracle. An advanced version of it would also check the entropy of the hex/base64-decoded version and only report the issue if the parameter has a high entropy.
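The heuristic proposed above, as an added example (not code from PaddingOracleHunter or from the issue author), written in Python: it decodes each query parameter as hex or base64, keeps values whose decoded length is a multiple of 16, and applies the suggested entropy filter so that block-sized but plain-text-like values are not reported. The 0.9 normalised-entropy cut-off and the sample query are constructed assumptions.

```python
import base64
import math
import re
from collections import Counter
from urllib.parse import parse_qsl, urlencode

BLOCK_SIZE = 16               # block size the issue proposes checking for (AES-CBC)
MIN_NORMALIZED_ENTROPY = 0.9  # assumed cut-off, not taken from the issue
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]+={0,2}$")

def decode_candidate(value):
    """Return (encoding, raw_bytes) if value parses as hex or base64, else None."""
    try:
        if len(value) % 2 == 0 and HEX_RE.match(value):  # hex first: it is also valid base64
            return "hex", bytes.fromhex(value)
        if B64_RE.match(value):
            std = value.translate(str.maketrans("-_", "+/"))  # accept the URL-safe alphabet
            return "base64", base64.b64decode(std + "=" * (-len(std) % 4), validate=True)
    except ValueError:  # binascii.Error (bad base64) is a ValueError subclass
        pass
    return None

def normalized_entropy(data):
    """Shannon entropy of data divided by the maximum attainable for its length (0..1)."""
    n = len(data)
    h = -sum(c / n * math.log2(c / n) for c in Counter(data).values())
    # 16 random bytes reach at most log2(16) = 4 bits/byte, so normalise by length.
    return h / min(8.0, math.log2(max(n, 2)))

def padding_oracle_candidates(query, min_entropy=MIN_NORMALIZED_ENTROPY):
    """Return (name, encoding, decoded_len, entropy) for block-sized, high-entropy params."""
    hits = []
    for name, value in parse_qsl(query):
        decoded = decode_candidate(value)
        if decoded is None or not decoded[1] or len(decoded[1]) % BLOCK_SIZE:
            continue
        ent = normalized_entropy(decoded[1])
        if ent >= min_entropy:  # drops block-sized but plain-text-like values
            hits.append((name, decoded[0], len(decoded[1]), round(ent, 2)))
    return hits

# Constructed sample query: two ciphertext-like values and three decoys.
SAMPLE_QUERY = urlencode({
    "token": bytes(range(32)).hex(),                            # hex, 32 distinct bytes
    "blob": base64.b64encode(bytes(range(200, 232))).decode(),  # base64, 32 distinct bytes
    "sig": base64.b64encode(b"0123456789abcdef" * 2).decode(),  # block-sized but low entropy
    "id": "42",                                                 # hex, but only one byte
    "name": "alice",                                            # not valid base64
})
```

Lowering `min_entropy` to 0.0 shows the noise the entropy filter removes: `sig` is then reported as well, even though it is only base64 of ASCII text.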

GovTech-CSG commented 3 months ago

Hi, I am afraid this might create a lot of unnecessary noise in the Burp scan window, as many web requests do have base64 and size(16) data which are not part of the encryption. Furthermore, the aim of the extension is to target both Burp Suite Community and Professional edition so that it can benefit the wider community; the Burp passive scan feature seems to be available only in the Burp Suite Professional version.