Burp Suite Plugin
ActiveScan++ extends Burp Suite's active and passive scanning capabilities. Designed to add minimal network overhead, it adds checks for the following issues:
Rather than risking numerous false negatives by attempting to automate Relative Path Overwrite and Host header attacks from start to finish, it identifies key vulnerability components and flags these for user review.
- Dynamic code injection (PHP/Perl/Ruby's eval(), expression language injection)
- Host header attacks (password reset poisoning, cache poisoning, DNS rebinding)
- OS command injection (designed to complement Burp's coverage)
- Relative Path Overwrite
- CVE-2014-6271 'shellshock'
Burp Suite Professional (version 1.6 or later) Jython 2.5 or later standalone: