
Difference Generator

matthewD-AVI edited this page May 21, 2019 · 8 revisions

Utilizing the Attack Surface Difference Generator

Introduction

The Attack Surface Difference Generator is a feature built into the Burp plugin that lets the user point the Attack Surface Detector at two separate versions of the same application to gain better insight into the changes made between versions. The Attack Surface Detector discovers the application's endpoints and parameters for both versions and passes the discovered data to the Difference Generator, which then compares the data sets of both versions. The Difference Generator highlights the changes to parameters, indicating whether they are new, modified, or deleted. It also highlights new and modified endpoints and makes requests to the application server based on this information.

Configuration

To configure the Difference Generator, follow the standard Attack Surface Detector configuration steps and also select a comparison code base or JSON endpoint output in the Options tab.

Viewing Results

Results are displayed in the endpoints table on the Attack Surface Detector Main tab and in the Burp Site Map.

Endpoints Table

Endpoints in the table are marked as new or modified in the rightmost column. Selecting any of these endpoints displays the endpoint details below the table, including the parameter and endpoint differences.

Burp Site Map

Requests in the Burp Site Map are given a unique highlight and comment. New endpoints are highlighted in orange, modified endpoints are highlighted in purple, and endpoints that have not changed are highlighted in blue.
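The comparison described on this page can be pictured with the following added sketch, which is not the plugin's own code. It assumes a simplified, constructed inventory shape (not the Attack Surface Detector's JSON endpoint format) and assumes that a parameter counts as "modified" when its data type changes.

```python
# Added illustration; not the Attack Surface Detector's own code or JSON schema.
# Assumed (constructed) inventory shape: {(method, path): {param_name: data_type}}

# Highlight colours as listed for the Burp Site Map on this page.
HIGHLIGHT = {"new": "orange", "modified": "purple", "unchanged": "blue"}

def diff_params(old, new):
    """Classify each parameter as new, deleted, or modified (type changed: an assumption)."""
    changes = {}
    for name in sorted(old.keys() | new.keys()):
        if name not in old:
            changes[name] = "new"
        elif name not in new:
            changes[name] = "deleted"
        elif old[name] != new[name]:
            changes[name] = "modified"
    return changes

def diff_endpoints(baseline, current):
    """Return {endpoint: (status, highlight, param_changes)} for each endpoint in `current`."""
    report = {}
    for ep, params in current.items():
        if ep not in baseline:
            status, changes = "new", {p: "new" for p in sorted(params)}
        else:
            changes = diff_params(baseline[ep], params)
            status = "modified" if changes else "unchanged"
        report[ep] = (status, HIGHLIGHT[status], changes)
    return report

# Constructed sample inventories for two versions of a hypothetical application.
BASELINE = {
    ("GET", "/login"): {"user": "STRING"},
    ("POST", "/transfer"): {"amount": "INTEGER", "memo": "STRING"},
    ("GET", "/legacy"): {},
}
CURRENT = {
    ("GET", "/login"): {"user": "STRING"},
    ("POST", "/transfer"): {"amount": "DECIMAL", "to": "STRING"},
    ("POST", "/admin/export"): {"format": "STRING"},
}

if __name__ == "__main__":
    for (method, path), (status, colour, changes) in diff_endpoints(BASELINE, CURRENT).items():
        print(f"{method:5} {path:15} {status:10} {colour:7} {changes}")
```

New and modified endpoints are the ones that carry attack surface not covered by testing of the earlier version, so they are the natural place to start a retest.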
