elkokc / reflector

Burp plugin able to find reflected XSS on page in real-time while browsing on site

Some improvements #11

Closed eur0pa closed 6 years ago

eur0pa commented 6 years ago
shvetsovalex commented 6 years ago

Thank you for your notices, eur0pa. We apply some useful improvements from your pull-request.

P.S. We don't URL-encode the payload because, in cases where the content type is text/plain or multipart/form-data, we can force reflected XSS without automatic URL-encoding. Therefore, we either encode only application/x-www-form-urlencoded data or we encode all types of bodies to eliminate missed vulnerabilities.

eur0pa commented 6 years ago

Hmm, I see. Just watch out as sending < or " unencoded will sometimes trigger a 400 response on endpoints that might be exploitable with %3C and %22
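
Added example, not part of the thread or of the reflector code: a small Python model of the trade-off discussed above, showing which probe variant (raw or URL-encoded) comes back intact for each content type. The endpoint, the field name `q`, the marker string and the `strict` flag (a front end that answers 400 to a raw `<` or `"`) are all constructed assumptions.

```python
from urllib.parse import quote, parse_qsl

PROBE = 'rfl<"x'  # constructed marker containing the two characters from the thread
FORM = "application/x-www-form-urlencoded"

def field_seen_by_app(content_type, body):
    """Simplified model of how a framework hands field 'q' to the application."""
    if content_type == FORM:
        return dict(parse_qsl(body)).get("q", "")  # percent-decoded by the parser
    return body.partition("=")[2]                  # text/plain: bytes as sent

def respond(content_type, body, strict=False):
    """Hypothetical endpoint echoing 'q' unescaped. strict=True models a
    front end that rejects a raw < or " with a 400 (assumption)."""
    if strict and any(c in body for c in '<"'):
        return 400, ""
    return 200, "<p>" + field_seen_by_app(content_type, body) + "</p>"

def detects(content_type, encode, strict=False):
    """True if the marker is reflected with < and " intact."""
    value = quote(PROBE, safe="") if encode else PROBE
    status, html = respond(content_type, "q=" + value, strict)
    return status == 200 and PROBE in html

def coverage(strict=False):
    """Detection result for every (content type, encoded?) combination."""
    return {(ct, enc): detects(ct, enc, strict)
            for ct in (FORM, "text/plain") for enc in (False, True)}

if __name__ == "__main__":
    for strict in (False, True):
        print("strict front end:", strict)
        for (ct, enc), hit in coverage(strict).items():
            print(f"  {ct:35} encoded={enc!s:5} detected={hit}")
```

Encoding a text/plain body makes the marker come back as `%3C%22` and the reflection is missed, while against the strict front end only the encoded form-urlencoded probe gets through.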