Burpsuite-Parser

 view release on metacpan or  search on metacpan

t/test1.xml  view on Meta::CPAN

Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://192.168.163.128/beef/js/

]]></request>
      <response><![CDATA[HTTP/1.1 200 OK
Date: Mon, 12 Oct 2009 14:27:18 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Wed, 02 Sep 2009 02:37:28 GMT
ETag: "40d7e-41a-4728f25dd6a00"
Accept-Ranges: bytes
Content-Length: 1050
Connection: close
Content-Type: application/javascript

// Copyright (c) 2006-2009, Wade Alcorn 
// All Rights Reserved
// wade@bindshell.net - http://www.bindshell.net

// --[ AUTORUN CLASS
var Autorun = Class.create();
Autorun.prototype = {
	initialize: function() {
		this.version	= '0.1',
		this.authors	= 'Wade Alcorn <wade@bindshell.net>',
		this.enabled	= false,
		this.module	= '',
		this.code	= ''
	},
	// params: string to be displayed in sidebar, base64 encode code
	enable: function(module_name, code) {
		this.code = code;
		var params = 'data='+code;
		new Ajax.Updater('module_status', 'send_cmds.php?action=autorun', {method:'post',parameters:params,asynchronous:false});

		this.enabled	= true;
		this.module	= module_name;
		$('autorun_dyn').innerHTML = this.module + ' Module Enabled';
	},
	disable: function() {
		var params = 'data=disable';
		new Ajax.Updater('module_status', 'send_cmds.php?action=autorun', {method:'post',parameters:params,asynchronous:false});
		this.enabled	= false;
		this.module	= '';
		this.status	= 'Disabled';
		$('autorun_dyn').innerHTML = this.status;
	}
}]]></response>
    </requestresponse>
  </issue>
  <issue>
    <serialNumber>4408084536896053248</serialNumber>
    <type>4195072</type>
    <name>Password field submitted using GET method</name>
    <host>http://192.168.163.128</host>
    <path><![CDATA[/beef/]]></path>
    <location><![CDATA[/beef/]]></location>
    <severity>Low</severity>
    <confidence>Certain</confidence>
    <issueBackground><![CDATA[The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's brow...
    <remediationBackground><![CDATA[All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as <b>method="POST"</b>. It may also be necessary to modify the corresponding serv...
    <issueDetail><![CDATA[The page contains a form with the following action URL, which is submitted using the GET method:<ul><li>http://192.168.163.128<wbr>/beef/</li></ul>The form contains the following password field:<ul><li>passwd</li></ul>]]></i...
    <requestresponse>
      <request><![CDATA[GET /beef/ HTTP/1.1
Host: 192.168.163.128
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive

]]></request>
      <response><![CDATA[HTTP/1.1 200 OK
Date: Mon, 12 Oct 2009 14:26:53 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
X-Powered-By: PHP/5.2.6-bt0
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3194


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>

	<link rel="stylesheet" type="text/css" href="css/firefox/menu.css">	<link rel="stylesheet" type="text/css" href="css/firefox/style.css">	
	<title>Browser Exploit Framework</title>

	<link rel="icon" href="favicon.ico" type="image/x-icon">
	<script src="js/prototype.js" type="text/javascript"></script>
	<script src="js/scriptaculous.js" type="text/javascript"></script>
	<script src="js/common.js" type="text/javascript"></script>

	<script>

		// ---[ BEEF_ERROR
		function beef_error(error_string) {
			new Effect.Shake('beef_icon');
			alert(error_string);
		}

		// ---[ SUBMIT_CONFIG
		function submit_config(config, passwd) {
			new Ajax.Updater('config_results', 'submit_config.php?config=' + config + '&passwd=' + passwd, {asynchronous:true});
		}

	</script>

</head>
<body>

	<!-- SIDEBAR -->
	<div id="sidebar">
		<!-- BEEF HEADER - LINK AND IMAGE-->
		<div id="header">
			<center><a href=http://www.bindshell.net/tools/beef/>Browser Exploitation Framework</a></center>
			<h1><div id="beef_icon"><img src="images/beef.gif" onclick="new Effect.Shake('sidebar');"></div> BeEF</h1>
		</div>



( run in 1.914 second using v1.01-cache-2.11-cpan-9581c071862 )