I’ve written some add-ons to Burp Proxy, by @portswigger.
This is a little extension to color your proxy history based on characteristics in the HTTP headers. Very useful when doing multi-user testing scenarios, and you want to be able to distinguish between sessions (or browsers. ) This is how you set it up:
Select if the inspection is to be on the request or response
Three types of checks, either
Startswith- as it sounds, just checks if a header start matches exactly with what you’ve typed. Useful to e.g. flag server banners or funky headers.
Contains- checks if the specified string is anywhere within the request. Useful for cookies, since may wind up in arbitrary order.
Regexp- allows you to specify a more advanced string.
A few screenshots:
Inspects the traffic, and looks for cross-domain include of scripts. Burps built-in checks for this is based on HTML-parsing (afaik), which does not give 100% coverage, obviously. My variant instead inspects the http-headers. My Firefox-based analysis shows the following observation:
|Requests to domains where referer domain differs from target|
|origin.com/foo/||*/*||Probably a script-tag|
|missing||*/*||Manually entered by the user|
So, what the extension does, is simply check for Accept-header
*/* where target domain differs from referer domain, and flags a warning.