[link]https://github.com/PortSwigger/httpoxy-scanner[/link]
[tags]HTTPoxy,burpsuite,vulnerabilities,scanner[/tags]
[short_descr]A Burp Suite extension that checks for the HTTPoxy vulnerability.[/short_descr]
[long_descr]This example uses the HTTPoxy vulnerability to illustrate use of the Burp Collaborator. We generate URLs for a vulnerable application to request, and find the vulnerability by asking the Collaborator for interactions with those URLs.
[link]https://github.com/PortSwigger/httpoxy-scanner[/link] [tags]HTTPoxy,burpsuite,vulnerabilities,scanner[/tags] [short_descr]A Burp Suite extension that checks for the HTTPoxy vulnerability.[/short_descr] [long_descr]This example uses the HTTPoxy vulnerability to illustrate use of the Burp Collaborator. We generate URLs for a vulnerable application to request, and find the vulnerability by asking the Collaborator for interactions with those URLs.
A collaborator context is used to generate payloads and we send these in a Proxy header during an active scan.[/long_descr] [image]https://raw.githubusercontent.com/gwen001/offsectools_www/main/3d3d3676a0f0d87c93914a7a8ea46f8d.png[/image]