DetectDynamicJS

Testing and Debugging

Open soffensive opened this issue 7 years ago • 3 comments

How do you test and/or debug the extension? I am currently trying to make it work and add features.

soffensive, Jan 25 '18 12:01

I currently test manually. Debugging with print statements. I get around quite quickly. It would be nice to have a proper test setup though. Do you have something in mind that goes well with Burp extensions?

luh2, Jan 26 '18 21:01

Unfortunately, I think Java extensions would be easier to debug than Python extensions. Do you have a standard vulnerable app you use for testing? I tried Google Gruyere and found that the extension did not report the XSSI vulnerability, which is why I became curious in the first place and started digging in the extension's source code. It seems that the extension has not worked since at least July 2016 (commit 99ea4de339da0272451f2bb40b5153a97e9a8d3f).

Overall, I would suggest that before releasing a version it should be tested against a range of known vulnerabilities on a constructed web app.

soffensive, Jan 27 '18 09:01

I haven't looked at proper test suites for Burp Jython extensions, but if you have something that would be working, I am open. Does Gruyere have XSSI vulnerabilities? Maybe that could be an option for testing.

luh2, Jan 27 '18 10:01