vsec7 / BurpSuite-Xkeys

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

burp-extensions osint pentest-tool hacking pentesting burpsuite

Xkeys (BurpSuite Extension)

Description

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage. and lists them as information issues.

Type : Passive Scanner

Setup

Setup the python environment by providing the Jython.jar file in the 'Options' tab under 'Extender' in Burp Suite.
Download the BurpSuite-Xkeys.zip.
In the 'Extensions' tab under 'Extender', select 'Add'.
Change the extension type to 'Python'.
Provide the path of the file "Xkeys.py" and click on 'Next'.

Usage

The extension will start identifying assets through passive scan.

Result

The extension will show on issues box and on output extender

Possible Value Extraction

{keyword}=<value>
{keyword}= <value>
{keyword} =<value>
{keyword} = <value>
{keyword}'='<value>'
{keyword}'= '<value>'
{keyword}' ='<value>'
{keyword}' = '<value>'
{keyword}"="<value>"
{keyword}"= "<value>"
{keyword}" ="<value>"
{keyword}" = "<value>"
{keyword}":"<value>"
{keyword}": "<value>"
{keyword}" :"<value>"
{keyword}" : "<value>"
{keyword}=<value>&

Requirements

Code Credits:

# PortSwigger example-scanner-checks: https://github.com/PortSwigger/example-scanner-checks
# RedHuntLabs BurpSuite-Asset_Discover: https://github.com/redhuntlabs/BurpSuite-Asset_Discover

Sec7or Team
Surabaya Hacker Link

About

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

burp-extensions osint pentest-tool hacking pentesting burpsuite

Languages

Language:Python 100.0%