Burpsuite-Parser
view release on metacpan or search on metacpan
t/test1.xml view on Meta::CPAN
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://192.168.163.128/beef/js/
]]></request>
<response><![CDATA[HTTP/1.1 200 OK
Date: Mon, 12 Oct 2009 14:27:18 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Wed, 02 Sep 2009 02:37:28 GMT
ETag: "40d7e-41a-4728f25dd6a00"
Accept-Ranges: bytes
Content-Length: 1050
Connection: close
Content-Type: application/javascript
// Copyright (c) 2006-2009, Wade Alcorn
// All Rights Reserved
// wade@bindshell.net - http://www.bindshell.net
// --[ AUTORUN CLASS
var Autorun = Class.create();
Autorun.prototype = {
initialize: function() {
this.version = '0.1',
this.authors = 'Wade Alcorn <wade@bindshell.net>',
this.enabled = false,
this.module = '',
this.code = ''
},
// params: string to be displayed in sidebar, base64 encode code
enable: function(module_name, code) {
this.code = code;
var params = 'data='+code;
new Ajax.Updater('module_status', 'send_cmds.php?action=autorun', {method:'post',parameters:params,asynchronous:false});
this.enabled = true;
this.module = module_name;
$('autorun_dyn').innerHTML = this.module + ' Module Enabled';
},
disable: function() {
var params = 'data=disable';
new Ajax.Updater('module_status', 'send_cmds.php?action=autorun', {method:'post',parameters:params,asynchronous:false});
this.enabled = false;
this.module = '';
this.status = 'Disabled';
$('autorun_dyn').innerHTML = this.status;
}
}]]></response>
</requestresponse>
</issue>
<issue>
<serialNumber>4408084536896053248</serialNumber>
<type>4195072</type>
<name>Password field submitted using GET method</name>
<host>http://192.168.163.128</host>
<path><![CDATA[/beef/]]></path>
<location><![CDATA[/beef/]]></location>
<severity>Low</severity>
<confidence>Certain</confidence>
<issueBackground><![CDATA[The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's brow...
<remediationBackground><![CDATA[All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as <b>method="POST"</b>. It may also be necessary to modify the corresponding serv...
<issueDetail><![CDATA[The page contains a form with the following action URL, which is submitted using the GET method:<ul><li>http://192.168.163.128<wbr>/beef/</li></ul>The form contains the following password field:<ul><li>passwd</li></ul>]]></i...
<requestresponse>
<request><![CDATA[GET /beef/ HTTP/1.1
Host: 192.168.163.128
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
]]></request>
<response><![CDATA[HTTP/1.1 200 OK
Date: Mon, 12 Oct 2009 14:26:53 GMT
Server: Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
X-Powered-By: PHP/5.2.6-bt0
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 3194
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<link rel="stylesheet" type="text/css" href="css/firefox/menu.css"> <link rel="stylesheet" type="text/css" href="css/firefox/style.css">
<title>Browser Exploit Framework</title>
<link rel="icon" href="favicon.ico" type="image/x-icon">
<script src="js/prototype.js" type="text/javascript"></script>
<script src="js/scriptaculous.js" type="text/javascript"></script>
<script src="js/common.js" type="text/javascript"></script>
<script>
// ---[ BEEF_ERROR
function beef_error(error_string) {
new Effect.Shake('beef_icon');
alert(error_string);
}
// ---[ SUBMIT_CONFIG
function submit_config(config, passwd) {
new Ajax.Updater('config_results', 'submit_config.php?config=' + config + '&passwd=' + passwd, {asynchronous:true});
}
</script>
</head>
<body>
<!-- SIDEBAR -->
<div id="sidebar">
<!-- BEEF HEADER - LINK AND IMAGE-->
<div id="header">
<center><a href=http://www.bindshell.net/tools/beef/>Browser Exploitation Framework</a></center>
<h1><div id="beef_icon"><img src="images/beef.gif" onclick="new Effect.Shake('sidebar');"></div> BeEF</h1>
</div>
( run in 1.914 second using v1.01-cache-2.11-cpan-9581c071862 )