
SANS ISC: InfoSec Handlers Diary Blog



New Burp Feature - ClickBandit

Published: 2015-12-10
Last Updated: 2015-12-10 13:07:55 UTC
by Rob VandenBrink (Version: 1)

If you've ever worked through a web application pentest and found clickjacking vulnerabilities, you may have had some trouble in the "why is this important" conversation with your client.

The newest versions of Burp (after 1.6.32) have a new feature called "ClickBandit". ClickBandit will create the clickjacking attack for you, so you can illustrate the business impact to your client on their own site. There's nothing like a video of their own site getting exploited to bring the point home!

More details on this new feature here: http://blog.portswigger.net/2015/12/burp-clickbandit-javascript-based.html

===============
Rob VandenBrink
Compugen

Keywords: Burp clickjacking