Start

Introduction


Installation

Introduction

Attack Surface is a plugin for either Burp or ZAP. Burp and ZAP are proxy-based scanning tools. These tools are generally configured to be a middle-man between a browser and the web sites it browses. The proxy records and analyzes all HTTP requests and responses for potential vulnerabilities. Attack Surface adds value in two ways:

Burp and ZAP are both independently supported products, but the plugin was built to be compatible with either. The following documents how to install the plugin and access the interface from each product, but we'll focus on Burp to document the plugin itself.

*** Disclaimer ***

The name Attack Surface may imply that an application's entire attack surface is covered by this plugin. It is not. For example, the Attack Surface plugin will not help prevent a ClickJacking attack, which exploits a lack of frame-busting headers, even though that weakness is technically part of an application's attack surface. This plugin focuses on untrusted data, but that name has less cachet.

