PortSwigger / BChecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
https://portswigger.net/burp/documentation/scanner/bchecks
GNU Lesser General Public License v3.0

Check in request or response #138

Closed Techbrunch closed 8 months ago

Techbrunch commented 8 months ago

We have created a simple BCheck to flag responses with Content-Type: text/event-stream:

metadata:
    language: v1-beta
    name: "Event-stream detection"
    description: "Checks for event-stream (passive)"
    tags: "passive"

given response then
    if "text/event-stream" in {latest.response.headers} then
        report issue:
            severity: info
            confidence: certain
            detail: "The Content-Type: Event-stream is set in the response."
    end if

We would like to also check the request for Accept: text/event-stream in the same BCheck but that does not appear to be possible.

Basically what we would like is given request or response contains text/event-stream then report issue.

Techbrunch commented 8 months ago

I think it works:

metadata:
    language: v1-beta
    name: "Server-sent events detection"
    description: "Checks for usage of server-sent events."
    tags: "passive"

given response then
    if "text/event-stream" in {latest.request.headers} or 
       "text/event-stream" in {latest.response.headers} then
        report issue:
            severity: info
            confidence: certain
            detail: "The application appears to be using server-sent events."
    end if
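As an added example (not from the issue or the BChecks repository), a variant of the check above that only matches the Accept request header and the Content-Type response header, so a "text/event-stream" string appearing in some unrelated header does not trigger the report. It assumes the BCheck `matches` regex operator and the `remediation` report field as documented for the BCheck language; the name and message texts are placeholders.

```bcheck
metadata:
    language: v1-beta
    name: "Server-sent events detection (header-specific)"
    description: "Flags server-sent events by matching the Accept request header or the Content-Type response header (passive)."
    tags: "passive"

# Added example, not the issue author's check. Assumes "matches" takes a Java-style regex:
# (?i) ignores case, (?m) lets ^ anchor at the start of each header line, and "." does not
# cross a line break, so the match stays within the named header only.
given response then
    if {latest.request.headers} matches "(?im)^accept:.*text/event-stream" or
       {latest.response.headers} matches "(?im)^content-type: *text/event-stream" then
        report issue:
            severity: info
            confidence: firm
            detail: "The request Accept header or the response Content-Type header indicates server-sent events (text/event-stream)."
            remediation: "Informational: confirm the endpoint is intended to stream events and that it enforces the same authentication and authorization as the rest of the application."
    end if
```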