elkokc
commented
6 years ago Hi! Yes, there are some cases that actually may give false-positive error. So, its better to make manuall tests, before submit your finding.
Open ghost opened 6 years ago
elkokc
commented
6 years ago Hi! Yes, there are some cases that actually may give false-positive error. So, its better to make manuall tests, before submit your finding.
shvetsovalex
commented
6 years ago Hi, Buffer0overflow! Please, can you describe endpoints with false positive reports? We want to impove our plugin, so it will be very useful if you describe false positive situations.
Thanks
ghost
commented
6 years ago Hi shvetsovalex , I came across several false positives with reflector where i can see it was possible to avoid. below is one example ;
the tool functionality as i understand it is to search for certain pattern inside requests , then check responses - if same pattern found , then it will report possible XSS injection. i have enabled aggressive mode and context check in plugin options , but still got this false positive because the server sanitized <> chars - the plugin reporting could be improved as i think if it checks for <>;'/" chars inside responses and see if they are escaped or not. what i was not able to understand is why context analyze was not able to do this test in such scenario and check for special char reflections thus avoid reporting such cases.
other example ;
This was little more naive to report by the tool as the request body included a certain word " report" , then this report reflected by in response as part of URL address https://xx.xxxx.net/api/30/csp-**report**/?sentry_key=xxxxxxx
there are more reports i came across but i was working on temp project inside burp and didn't same them.
i have to say that i like the tool a lot and i think scope for improve is big. I'm also a beginner who started a few months ago in hacking and infosec , so my assessment might not be as you expect from pros.
Thanks and regards, B0overflow
Does this tool reported False Positives before?? I came across two endpoints reported vulnb for XSS but i was not able to check that manually! so i thought it might be false positive.
can you help out please?
Thanks