Burp Suite User Forum


Cross domain script inclusion is not very reliable

Daniel | Last updated: Jun 14, 2017 01:54PM UTC

The scanner plugin for cross domain script inclusion is not very reliable - it always shows not nearly all cross domain scripts that are included. For example, if there's a script block on a page that injects another script tag with a 3rd party src, the plugin doesn't detect it. It should be fairly simple to check all requests with a script content type response for the referrer, and use that as an additional method to check for cross domain includes. I.e. if in the history you see a request to google-analytics.com, and the response has a content type of text/javascript, take a look at the referrer and add google-analytics.com as a cross domain script inclusion to the page designated by the referrer.

PortSwigger Agent | Last updated: Jun 14, 2017 02:03PM UTC

I agree, that test is fairly basic. It was written before systems like RequireJS were so common. Your suggestion sounds good. I have created a story on our backlog, and we'll let you know when there's progress. This is potentially something you could implement in an extension.

PortSwigger Agent | Last updated: Mar 28, 2018 11:18AM UTC

I have coded an extension that implements this technique: https://github.com/pajswigger/check-dynamic-links
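The Referer-based check proposed in this thread, sketched as an added example; it is not part of the original posts and is not the code of the linked extension. It runs over a constructed list of proxy-history records, and the field names `url`, `referer` and `content_type` are assumptions, not Burp API names.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# MIME types treated as "script" responses (assumed list for this example).
SCRIPT_TYPES = {
    "text/javascript", "application/javascript",
    "application/x-javascript", "text/ecmascript", "application/ecmascript",
}

def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return urlsplit(url or "").hostname or ""

def cross_domain_scripts(history):
    """Map each referring page to the third-party hosts that served it scripts."""
    findings = defaultdict(set)
    for entry in history:
        # Drop parameters such as "; charset=utf-8" before comparing.
        mime = (entry.get("content_type") or "").split(";")[0].strip().lower()
        if mime not in SCRIPT_TYPES:
            continue
        page = entry.get("referer")
        script_host, page_host = host(entry.get("url")), host(page)
        # No Referer (e.g. Referrer-Policy: no-referrer) means the including
        # page cannot be attributed, so the entry is skipped, not guessed.
        if not script_host or not page_host:
            continue
        if script_host != page_host:
            # Browsers may trim a cross-origin Referer to the origin only, in
            # which case "page" identifies the site rather than the exact page.
            findings[page].add(script_host)
    return {page: sorted(hosts) for page, hosts in findings.items()}

# Constructed sample history (not real traffic).
SAMPLE_HISTORY = [
    {"url": "https://www.google-analytics.com/analytics.js",
     "referer": "https://shop.example/checkout", "content_type": "text/javascript"},
    {"url": "https://shop.example/static/app.js",
     "referer": "https://shop.example/checkout", "content_type": "application/javascript"},
    {"url": "https://cdn.example.net/lib.js",
     "referer": "https://shop.example/checkout",
     "content_type": "Application/JavaScript; charset=utf-8"},
    {"url": "https://api.example.org/data",
     "referer": "https://shop.example/checkout", "content_type": "application/json"},
    {"url": "https://tracker.example.net/t.js",
     "referer": None, "content_type": "text/javascript"},
]

if __name__ == "__main__":
    for page, hosts in cross_domain_scripts(SAMPLE_HISTORY).items():
        print(page, "->", ", ".join(hosts))
```
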
