The goal of this article is to explain how to create an extension for Burp Suite Professional, taking the "Reverse Tabnabbing" attack as the implementation example.

"Reverse Tabnabbing" is an attack where an (evil) page linked from the (victim) target page is able to rewrite that page. For example, the victim's site could be replaced by a phishing site. For more details about the attack itself, see the OWASP Reverse Tabnabbing article.

The cause of this attack is the capacity of a newly opened page to act on the parent page's content or location. The attack vectors are HTML links and the JavaScript window.open function, so, to mitigate the vulnerability, you have to add the attribute value rel="noopener noreferrer" to all the HTML links and, for JavaScript, add the values noopener,noreferrer in the windowFeatures parameter of the window.open function. For more details about the mitigation process, see the OWASP HTML Security Check article.

Basic Steps for (Any Burp) Extension Writing

The first step is to create an empty (Java) project and add the Burp Extensibility API (the Javadoc of the API can be found here) to your classpath.
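As an added example that is not part of the article and does not use Burp's own API, here is the detection logic such an extension would apply to each HTML response body, written in plain JavaScript so it can be run outside Burp; the function names and SAMPLE_BODY are constructed for this illustration.

```javascript
// Added example (not from the article): the core check a Burp passive scanner
// would run over an HTML response body to spot reverse-tabnabbing exposure.
// Flags <a> tags with target="_blank" whose rel lacks "noopener", and
// window.open(...) calls whose windowFeatures argument lacks "noopener".
function findTabnabbingIssues(html) {
  const issues = [];
  const tagRe = /<a\b[^>]*>/gi;                       // every <a ...> opening tag
  for (let m; (m = tagRe.exec(html)) !== null;) {
    const tag = m[0];
    const target = attr(tag, "target");
    if (target && target.toLowerCase() === "_blank") {
      const rel = (attr(tag, "rel") || "").toLowerCase().split(/\s+/);
      if (!rel.includes("noopener")) issues.push({ kind: "link", evidence: tag });
    }
  }
  // window.open(url, name, windowFeatures): the 3rd argument must carry noopener.
  const openRe = /window\.open\s*\(([^)]*)\)/gi;      // simplification: no ")" inside strings
  for (let m; (m = openRe.exec(html)) !== null;) {
    const features = (splitArgs(m[1])[2] || "").toLowerCase();
    if (!features.includes("noopener")) issues.push({ kind: "window.open", evidence: m[0] });
  }
  return issues;
}
// Read one attribute value (double-, single- or unquoted) from an opening tag.
function attr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i");
  const r = re.exec(tag);
  return r ? (r[1] ?? r[2] ?? r[3]) : null;
}
// Split a JS argument list on commas outside string literals ("noopener,noreferrer" stays one arg).
function splitArgs(s) {
  const out = []; let cur = "", quote = null;
  for (const ch of s) {
    if (!quote && ch === ",") { out.push(cur.trim()); cur = ""; continue; }
    if (quote === ch) quote = null; else if (!quote && (ch === '"' || ch === "'")) quote = ch;
    cur += ch;
  }
  out.push(cur.trim());
  return out;
}
// Constructed sample response body: one unsafe and one hardened instance of each vector.
const SAMPLE_BODY = `
<a href="https://example.org/a" target="_blank">unsafe link</a>
<a href="https://example.org/b" target="_blank" rel="noopener noreferrer">safe link</a>
<script>
  window.open("https://example.org/c", "_blank");
  window.open("https://example.org/d", "_blank", "noopener,noreferrer");
</script>`;
console.log(findTabnabbingIssues(SAMPLE_BODY)); // 2 issues: link /a and window.open /c
```

Inside a real extension the same function would be called from the passive scan hook on each response body, and every returned issue would be reported with its evidence string as the highlighted marker.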