This repository is no longer maintained. See https://portswigger.net/burp/documentation/desktop/tools/dom-invader instead.
Transparently log all data passed into known JavaScript sinks - Sink Logger extension for Burp.
Sink Logger is a Burp Suite Extension that allows to transparently monitor various JavaScript sinks. All data passed into the defined sinks is logged into the browser's console. This is done by injecting a custom Proxy initialization script into chosen HTTP responses and "proxifying" all sinks.
The extension intercepts responses and does 2 major things:
- In case the response is HTML or JavaScript it injects a script initializing a custom Proxy.
var QF9iYXlvdG9w = QF9iYXlvdG9w || new Proxy({}, {
set: function(target, key, value, receiver) {
if (value != undefined && value !== "") {
if ((value + "").startsWith("[object")) {
try {
var svalue = JSON.stringify(value);
} catch(error) {}
}
console.warn(`Sink log (${key}): ${svalue !== undefined ? svalue : value}`);
}
return Reflect.set(target, key, value, receiver);
}
});