This is a burp plugin (python) that extracts keywords from response using regexes and test for reflected XSS on the target scope. Valid parameters reflected, vulnerable parameters are show in results in the rexsser extension tab.
- extract all javascript 'var' names from response page
- ...
- Jython
- BurpSuite
- Add Multiple regexes to extract words (Example: input elements in the page response)
- Content-Type filter
- Scope checkbox
- Process only given status-codes
- Turn off/on