Hi shvetsovalex ,
I came across several false positives with reflector where i can see it was possible to avoid.
below is one example ;

inside cookies values - below is taken from the report inside burp ;
==========================
Issue detail
Reflected parameters in ALL:
vuid - reflected 3 times
==========================
the tool functionality as i understand it is to search for certain pattern inside requests , then check responses - if same pattern found , then it will report possible XSS injection.
i have enabled aggressive mode and context check in plugin options , but still got this false positive because the server sanitized <> chars - the plugin reporting could be improved as i think if it checks for <>;'/" chars inside responses and see if they are escaped or not.
what i was not able to understand is why context analyze was not able to do this test in such scenario and check for special char reflections thus avoid reporting such cases.

other example ;

inside a header
============================
Issue detail
Reflected parameters in HEADERS:
context%5Btype%5D - reflected 2 times
============================
This was little more naive to report by the tool as the request body included a certain word " report" , then this report reflected by in response as part of URL address https://xx.xxxx.net/api/30/csp-**report**/?sentry_key=xxxxxxx

there are more reports i came across but i was working on temp project inside burp and didn't same them.

i have to say that i like the tool a lot and i think scope for improve is big. I'm also a beginner who started a few months ago in hacking and infosec , so my assessment might not be as you expect from pros.

Thanks and regards,
B0overflow

false positive #10

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions