HTTPoxy Scanner

A Burp Suite extension that checks for the HTTPoxy vulnerability.

This example uses the HTTPoxy vulnerability to illustrate use of the Burp Collaborator. We generate URLs for a vulnerable application to request, and find the vulnerability by asking the Collaborator for interactions with those URLs.

A collaborator context is used to generate payloads and we send these in a Proxy header during an active scan.
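The flow described above, sketched as an added example (not the extension's own source): it assumes the legacy Burp Extender API (the `burp.*` interfaces) on the classpath, and it writes any Collaborator interaction to the extension output instead of building a scan issue.

```java
package burp;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class BurpExtender implements IBurpExtender, IScannerCheck {
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;
    private IBurpCollaboratorClientContext collaborator;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        // Payloads can only be polled through the context that generated them.
        this.collaborator = callbacks.createBurpCollaboratorClientContext();
        callbacks.setExtensionName("HTTPoxy check (added example)");
        callbacks.registerScannerCheck(this);
    }

    @Override
    public List<IScanIssue> doActiveScan(IHttpRequestResponse base, IScannerInsertionPoint ip) {
        // true: payload is a full hostname under the Collaborator server's domain.
        String payload = collaborator.generatePayload(true);
        IRequestInfo info = helpers.analyzeRequest(base);
        List<String> headers = new ArrayList<>(info.getHeaders());
        // Replace any existing Proxy header instead of sending two.
        headers.removeIf(h -> h.regionMatches(true, 0, "Proxy:", 0, 6));
        headers.add("Proxy: http://" + payload);
        byte[] raw = base.getRequest();
        byte[] body = Arrays.copyOfRange(raw, info.getBodyOffset(), raw.length);
        callbacks.makeHttpRequest(base.getHttpService(), helpers.buildHttpMessage(headers, body));
        // Single poll right after the request; interactions that arrive later are missed.
        for (IBurpCollaboratorInteraction hit : collaborator.fetchCollaboratorInteractionsFor(payload)) {
            callbacks.printOutput("Proxy header payload " + payload + " caused a "
                    + hit.getProperty("type") + " interaction from " + hit.getProperty("client_ip"));
        }
        return null; // no IScanIssue is built in this example
    }

    @Override
    public List<IScanIssue> doPassiveScan(IHttpRequestResponse base) { return null; } // active only

    @Override
    public int consolidateDuplicateIssues(IScanIssue existing, IScanIssue added) { return 0; } // keep both
}
```

Burp calls `doActiveScan` once per insertion point, so this check repeats the header request for each one. A back-end that fetches through the supplied proxy asynchronously may not have contacted the Collaborator by the time of the single poll.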