The JS crawler should be able to follow the links on the first hooked page, crawling to a depth = N new pages.

This would be really useful to expand the attack surface on cross-domain vulnerable links/forms that are not present on the page where the HB is already hooked.

We can issue ajax requests to all the same-domain links found in the hooked page, parse the links/forms in the response, and add them to a stack of resources to be scanned. Should work ;)


Google Code Issue: http://code.google.com/p/beef/issues/detail?id=404