Closed LewisArdern closed 5 years ago
This should also include a Burp and ZAP extension to automatically include on active scans.
This is a lot more trivial than necessary; you can essentially use document.getCurrentScript (which is now working). Just need to push the code after finishing the payload improvements.
Need a way to capture what payload fired on the client. This can probably be done by just giving the element created a class name, with an identifier for the generated payload, e.g.:
var x = document.createElement('script'); x.className = "1";
Then when processing on the server, utilize the class name to determine what payload was fired and include that in reporting.