A few weeks ago I had an idea.
— Ryan Dewhurst (@ethicalhack3r) June 28, 2012
When I get ideas that I think have something worthwhile in them, I note them down for future reference.
The three main points to get this working were:
The first step was to somehow extract HTML responses from Burp Suite; luckily, someone had already written a Ruby Burp extender called Buby. I followed this awesome series of blog posts to get myself acquainted with Buby.
In my original plan I had intended to use Dynamic Taint Analysis, which would have consisted of arrays of Sinks, Sources and Securing functions; however, the regular expression route is much easier, as it has already been done for us by Mario. :)
StaticBurp ALPHA (it’s had limited testing and was written during my lunch break) can be found here:
To run it, first install Buby. Then I used the following command:
jruby -S buby -i -B /pentest/web/burpsuite/burpsuite_v1.4.01.jar -r Desktop/StaticBurp.rb
As Michele states in his blog post, the output will need manual verification; it will probably produce a lot of false negatives and false positives. For now, though, it is better than nothing.
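To illustrate the regex approach described above, and why its output still needs manual review, here is a small added example written for this post (it is not StaticBurp's or Buby's code): it scans a constructed HTML response for DOM XSS sources and sinks with hand-written patterns and flags lines that contain both. The patterns and the sample page are assumptions of mine, and the Buby hook that would feed real Burp responses into scan_response is left out.

```ruby
# Added example: regex-based static scan of an HTML response for DOM XSS
# sources and sinks. These patterns are constructed for illustration; they
# are not the regular expressions StaticBurp itself uses.
SOURCES = {
  "location.hash"   => /location\.hash/,
  "location.search" => /location\.search/,
  "document.URL"    => /document\.(?:URL|documentURI|referrer)/,
  "window.name"     => /window\.name/,
}.freeze

SINKS = {
  "innerHTML"      => /\.(?:innerHTML|outerHTML)\s*=/,
  "document.write" => /document\.write(?:ln)?\s*\(/,
  "eval"           => /\beval\s*\(/,
  "setTimeout"     => /\b(?:setTimeout|setInterval)\s*\(/,
}.freeze

# One finding per (line, pattern) hit: {line:, kind: :source/:sink, name:}.
def scan_response(body)
  findings = []
  body.each_line.with_index(1) do |line, n|
    SOURCES.each { |name, re| findings << { line: n, kind: :source, name: name } if line =~ re }
    SINKS.each   { |name, re| findings << { line: n, kind: :sink,   name: name } if line =~ re }
  end
  findings
end

# Lines holding both a source and a sink are the best candidates to look at
# first, but a regex cannot prove that data actually flows between them,
# so every hit (and every miss) still needs a human to verify it.
def suspicious_lines(findings)
  findings.group_by { |f| f[:line] }
          .select { |_, fs| fs.map { |f| f[:kind] }.uniq.size == 2 }
          .keys.sort
end

# Constructed sample response (not captured from any real site).
SAMPLE = <<~HTML
  <html><body>
  <script>
  var name = window.name;
  document.getElementById("x").innerHTML = name;
  var h = location.hash.substr(1); eval(h);
  </script>
  </body></html>
HTML

if __FILE__ == $0
  scan_response(SAMPLE).each { |f| puts "line #{f[:line]}: #{f[:kind]} #{f[:name]}" }
  puts "review first: line(s) #{suspicious_lines(scan_response(SAMPLE)).join(', ')}"
end
```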