elkokc / reflector

Burp plugin able to find reflected XSS on page in real-time while browsing on site

$50 bounty to the guy/guys who will implement this feature #22

Closed 0xspade closed 2 years ago

0xspade commented 3 years ago

Hi,

Since reflector is just detecting characters like ' " > < /, etc., I am thinking of an injection like %3E, and then the server will detect < (although sometimes the server always converts this automatically, then there should be an option).

And also, if the reflector injects %253E, it will detect if the server decodes it as <. &lt; as < \u003e as < \x3e as < as <

Take note that not only the different encodings of < should be implemented; the others should too. :)
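One way to express the check this request describes, as an added example that is not part of the issue or of reflector's own code: build the encoded forms of a character, wrap the probe in a marker, and classify how a response reflects it. The function names, the marker `zq7x` and the sample response bodies are constructed for illustration.

```python
import html
import re

def encodings(ch):
    """Encoded forms of one character, covering the kinds listed in the issue."""
    cp = ord(ch)
    named = html.escape(ch, quote=True)
    return {
        "url": "%%%02X" % cp,               # e.g. %3C
        "double_url": "%%25%02X" % cp,      # e.g. %253C
        "html_entity": named if named != ch else "&#%d;" % cp,  # e.g. &lt;
        "js_unicode": "\\u%04x" % cp,       # e.g. \u003c
        "js_hex": "\\x%02x" % cp,           # e.g. \x3c
    }

def classify(body, marker, ch, form):
    """Say how the probe marker+encoded(ch)+marker came back in the response body."""
    m = re.search(re.escape(marker) + "(.*?)" + re.escape(marker), body, re.S)
    if m is None:
        return "absent"        # probe was not reflected at all
    got = m.group(1)
    if got == ch:
        return "decoded"       # server turned the encoded form into the raw character
    if got == encodings(ch)[form]:
        return "unchanged"     # reflected exactly as sent
    if html.unescape(got) == ch:
        return "escaped"       # decoded, then HTML-escaped on output
    return "other"

MARKER = "zq7x"  # constructed canary value
# Constructed (character, form sent, response body) samples; no network access.
SAMPLES = [
    ("<", "double_url", "<p>Results for zq7x<zq7x</p>"),
    ("<", "url", "<p>Results for zq7x&lt;zq7x</p>"),
    ("<", "js_unicode", '<script>var q="zq7x\\u003czq7x";</script>'),
    ('"', "url", '<input value="zq7x%22zq7x">'),
    (">", "html_entity", "<p>No results</p>"),
]

def report(samples=SAMPLES, marker=MARKER):
    """Return (character, form, verdict) for every sample."""
    return [(ch, form, classify(body, marker, ch, form)) for ch, form, body in samples]

if __name__ == "__main__":
    for ch, form, verdict in report():
        print(f"{ch!r:5} {form:12} {verdict}")
```

Only the `decoded` verdict means the encoded form bypassed output encoding; `escaped` shows the server decoded the input but neutralised it before writing it to the page.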

shelld3v commented 2 years ago

Has this feature been implemented? Is the bounty still up for people?

0xspade commented 1 year ago

> Has this feature been implemented? Is the bounty still up for people?

Yep, this request is still open.