I noticed that this extender doesn't highlight payloads, and the information in Advisory is always identical.
When I have an issue discovered and press "Move to the next match" in both Request and Response, it would be very nice to see the payload as well as the identified response highlighted.
Also, the Advisory tab for a found issue could be more specific -> e.g. "Referer: ${9*2}" resulted in "blablabla18blabla" in response, so that false positives could be found faster.
Yes, this ^^.
But first, great scanner, saves me a lot of time.
Currently you have to guess at what the finding is claiming. As an example I had several apparent EL (Expression Language) Injection findings that took me a little while to determine what exactly the tests were triggering on. The advisory tab was no help. Finally I noticed that the Issues pane shows a field/parameter next to the URL. After looking at the parameter I see a mathematical expression. After solving the expression I did a search for that value in the response. Alas, false positives. All that to say that including, in the advisory tab, the payload used on which parameter or header in the finding would go a long way toward improving the user friendliness of this scanner.
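The manual check described in the comment above (solve the expression in the payload, then search the response for the result), as an added example that is not part of the thread or of the extension's own code. The function names, the sample request and response, and the comparison against a baseline response are assumptions made for illustration.

```python
import ast
import operator
import re

# Operators accepted in a probe expression; anything else is rejected.
_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}

def _eval(node):
    """Evaluate an integer-only arithmetic AST without calling eval()."""
    if isinstance(node, ast.Constant) and type(node.value) is int:
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](_eval(node.left), _eval(node.right))
    raise ValueError("unsupported expression")

def expected_value(payload):
    """Return the string an evaluated ${...} probe would produce, or None."""
    m = re.search(r"\$\{([^}]*)\}", payload)
    if not m:
        return None
    try:
        return str(_eval(ast.parse(m.group(1).strip(), mode="eval").body))
    except (SyntaxError, ValueError):
        return None

def offsets(text, needle):
    """All (start, end) offsets of needle in text, usable as highlight markers."""
    return [(m.start(), m.end()) for m in re.finditer(re.escape(needle), text)]

def triage(request, response, payload, baseline_response=""):
    """Build the advisory detail and highlight offsets for one finding."""
    value = expected_value(payload)
    resp_marks = offsets(response, value) if value else []
    # Assumption: a baseline response (same request without the payload) is available.
    # If the value appears there just as often, the match is coincidental.
    baseline_hits = len(offsets(baseline_response, value)) if value else 0
    return {
        "payload": payload,
        "expected": value,
        "request_markers": offsets(request, payload),
        "response_markers": resp_marks,
        "likely_false_positive": bool(resp_marks) and baseline_hits >= len(resp_marks),
    }

# Constructed sample, modelled on the example given in the issue text.
SAMPLE_REQUEST = "GET / HTTP/1.1\r\nHost: example.test\r\nReferer: ${9*2}\r\n\r\n"
SAMPLE_RESPONSE = "HTTP/1.1 200 OK\r\n\r\nblablabla18blabla"
```

Calling `triage(SAMPLE_REQUEST, SAMPLE_RESPONSE, "${9*2}")` returns the payload, the expected value and the offsets of both, which is the detail the Advisory tab and the highlight markers would need.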