Description
This plugins finds phishing vectors in web applications, for example, a bug of this type is found if I request the URL “http://site.tld/asd.asp?info=http://attacker.tld” and in the response HTML the web application sends: … <iframe src=”http://attacker.tld”> ….
Plugin type
Options
This plugin doesn’t have any user configured options.
Source
For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code
Dependencies
This plugin has no dependencies.