Created December 24, 2024 19:12
Gist: Static-Flow/88a5bab1eba6b9f2ca6ab017f2d1437f
This Burp Suite BCheck passively alerts if a site does not define a charset via the Content-Type header or a Meta tag.
```
metadata:
  language: v2-beta
  name: "no content type check"
  description: "Checks if a response has a text/html content type and no charset set"
  tags: "passive"

given response then
  if {to_lower(latest.response.headers)} matches "content-type: text/html\r\n" then
    if not ({to_lower(latest.response.body)} matches "<meta[^>]*charset=") then
      report issue:
        severity: info
        confidence: firm
        detail: "The site does not specify a charset in the Content-Type header or via a Meta tag. This site may be vulnerable to an encoding-differential XSS vector."
        remediation: "The site should specify a charset via headers or a meta tag."
    end if
  end if
```
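An added example (not part of the gist): the same check as a standalone Python function, run over constructed responses. It also recognises the `http-equiv` form of the meta tag and assumes, per the HTML spec's encoding prescan, that browsers only honour a `<meta charset>` found in the first 1024 bytes of the body.

```python
import re
from typing import Mapping

# Assumption: browsers' encoding prescan reads only the first 1024 bytes,
# so a <meta charset> placed later in the document is not honoured.
PRESCAN_BYTES = 1024

_CTYPE_CHARSET = re.compile(r";\s*charset\s*=\s*\"?([A-Za-z0-9_\-]+)", re.I)
# Matches both <meta charset="..."> and
# <meta http-equiv="Content-Type" content="text/html; charset=...">
_META_CHARSET = re.compile(r"<meta[^>]*charset\s*=\s*[\"']?([A-Za-z0-9_\-]+)", re.I)


def check_charset(headers: Mapping[str, str], body: bytes) -> dict:
    """Classify one response: {"html": bool, "charset": str|None, "source": ...}.
    A text/html response with charset None is the finding the BCheck reports."""
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    if not ctype.lower().startswith("text/html"):
        return {"html": False, "charset": None, "source": None}
    m = _CTYPE_CHARSET.search(ctype)
    if m:
        return {"html": True, "charset": m.group(1).lower(), "source": "header"}
    head = body[:PRESCAN_BYTES].decode("ascii", errors="replace")
    m = _META_CHARSET.search(head)
    if m:
        return {"html": True, "charset": m.group(1).lower(), "source": "meta"}
    return {"html": True, "charset": None, "source": None}


def missing_charset(headers: Mapping[str, str], body: bytes) -> bool:
    """True when the response is text/html and declares no charset anywhere."""
    r = check_charset(headers, body)
    return r["html"] and r["charset"] is None


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "header": ({"Content-Type": "text/html; charset=utf-8"}, b"<html><body>ok</body></html>"),
    "meta": ({"Content-Type": "text/html"}, b'<html><head><meta charset="UTF-8"></head></html>'),
    "http_equiv": ({"content-type": "text/html"},
                   b'<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"></head></html>'),
    # meta tag present but pushed past the prescan window, so it does not count
    "late_meta": ({"Content-Type": "text/html"},
                  b"<html><head>" + b"<!-- pad -->" * 100 + b'<meta charset="utf-8"></head></html>'),
    "none": ({"Content-Type": "text/html"}, b"<html><body>no charset</body></html>"),
    "json": ({"Content-Type": "application/json"}, b'{"ok": true}'),
}

if __name__ == "__main__":
    for name, (h, b) in SAMPLES.items():
        print(f"{name:10s} missing={missing_charset(h, b)} {check_charset(h, b)}")
```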