This extension is a attempt to ease finding referer header related issues in a web application which usually leaks details like below

• password reset tokens
• transcation/payment receipts
• user details in url and many more occurances

Read yourself and see if you can figureout https://en.wikipedia.org/wiki/Dangling_pointer

Extension is written in python and hence needs Jython support to run it.

• download Jython from here
• Get burp professional version
• Go to Extender >> Extensions >> Add >> Browse to downloaded python file and extension will be loaded

To use the extension setup the extension as shown in below gif. Then browse the application in target and go through all functionality like login/logout/order placement/forgot password etc. Once done go to extension tab and Click on run ( make sure you have added target domain in code/text box) we will have list of probable suspects for bugs.

• Add Logic to flag possible suspects
• Add coloring for possible bugs (High - Red/ Medium - Brown/ Low - Green/ Informational - None)
• Add text box for adding target domain

Thanks to PortSwigger for this extension ( and people who wrote that extension or gave input ) without which the one which i wrote would not have been possible.