Active Scan Rules - Alpha

The following alpha status active scan rules are included in this add-on:

LDAP Injection

LDAP Injection may be possible: an attacker may be able to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory. The rule skips messages which originally resulted in a client or server error response status code.

Latest code: LdapInjectionScanRule.java

Alert ID: 40015.

NoSQL Injection - MongoDB

This rule attempts to identify MongoDB specific NoSQL Injection vulnerabilities. It attempts various types of attacks including: boolean based, error based, and authentication bypass. It does not include time based attacks. It will also attempt JSON parameter specific payloads if the scan is configured to include JSON parameter variants.

Latest code: MongoDbInjectionScanRule.java

Alert ID: 40033.

NoSQL Injection - MongoDB (Time Based)

This rule attempts to identify MongoDB specific NoSQL Injection vulnerabilities using only time based attacks.

Latest code: MongoDbInjectionTimingScanRule.java

Alert ID: 90039.

Web Cache Deception

This rule attempts to identify Web Cache Deception vulnerabilities. It checks whether appending a static path to the original URIs can be used to leak sensitive user information.

  • User must be authenticated before using this rule

Latest code: WebCacheDeceptionScanRule.java

Alert ID: 40039.

Suspicious Input Transformation

This is an active script scan rule. It detects various types of suspicious input transformations that may indicate potential security vulnerabilities such as template injection, expression evaluation, quote consumption, and issues related to Unicode normalization.

This rule is largely adapted from the “Suspect Transform” check included in the ActiveScan++ extension for Burp Suite by Albinowax: SuspectTransform.java.

Latest code: SuspiciousInputTransformation.js

Alert ID: 100044.