Published on December 21st, 2015 | by MaxiSoler0
Sleepy Puppy Burp Extension for XSS v1.0
Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time.
Often when testing for client side injections (HTML/JS/etc.) security engineers are looking for where the injection occurs within the application they are testing only. While this provides ample coverage for the application in scope, there is a possibility that the code engineers are injecting may be reflected back in a completely separate application.
How Does Sleepy Puppy Do It?
Sleepy Puppy provides you with a number of payloads, PuppyScripts, and captures/collectors. Payloads are the actual XSS strings that are used to load Sleepy Puppy PuppyScripts. The PuppyScripts provide a way to collect the information on the client and application where the payload was executed. Captures and Collectors allow you to view the data you have returned from your PuppyScripts. Everything is configurable and you can create your own payloads and PuppyScripts as needed.
Testers can leverage the Sleepy Puppy Assessment model, to categorize payloads and subscribe to email notifications when delayed cross-site scripting events are triggered.