The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Dom invader bug?

chain00x | Last updated: Aug 06, 2023 04:47PM UTC

Hi, I found a small problem with DOM Invader. This is my HTML code:

    <script>
    // Return the decoded value of a query-string parameter, or false if absent
    function getQueryVariable(variable) {
        var query = window.location.search.substring(1)
        var vars = query.split("&")
        for (var i = 0; i < vars.length; i++) {
            var pair = vars[i].split("=")
            if (pair[0] == variable) {
                return decodeURIComponent(pair[1])
            }
        }
        return false
    }
    // Sink under test: navigates to the supplied value
    function locationReplace(e) {
        window.location.replace(e);
    }
    var url = getQueryVariable("url");
    var a = locationReplace(url);
    </script>

I set the canary to test. When I go to http://127.0.0.1/test.html?url=cgg://test.com, the plugin does not prompt in developer tools. But when I turn the sink on, the console has a hint:

    isInteresting true
    VM51:4 canary cgg
    VM51:5 sink location.replace
    VM51:6 stackTrace at Object._0x343e27 [as proxiedLocationFunctionCallback] (<anonymous>:13:462360)
        at Object.replace (<anonymous>:13:143865)
        at locationReplace (http://127.0.0.1/test.html?url=cgg://test.com:15:29)
        at http://127.0.0.1/test.html?url=cgg://test.com:19:17
    VM51:7 value cgg://test.com
    VM51:8 url http://127.0.0.1/test.html?url=cgg://test.com
    VM51:9 framePath top
    VM51:10 event
    VM51:11 outerHTML

I want to know whether it's my operation or the plugin.

chain00x | Last updated: Aug 06, 2023 04:48PM UTC

Additional note: when I turn the Sink callback configuration on, the console has a hint.

chain00x | Last updated: Aug 06, 2023 05:09PM UTC

It can trace location.replace when you use this code:

    // Same sink, but the navigation is delayed by 2 seconds
    function locationReplace(e) {
        setTimeout("window.location.replace(\"" + e + "\")", 2000)
    }
    var url = new URLSearchParams(window.location.search).get("url")
    var a = locationReplace(url)

chain00x | Last updated: Aug 06, 2023 05:10PM UTC

Is it that the jump is too fast, and it stops working before it has been shown?

Michelle, PortSwigger Agent | Last updated: Aug 07, 2023 01:54PM UTC

Hi, can you confirm which version of Burp you are using so we can have a chat with the team?

Michelle, PortSwigger Agent | Last updated: Aug 09, 2023 09:02AM UTC