Skip to content

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Notifications You must be signed in to change notification settings

l34r00t/BurpSuite-Xkeys

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 

Repository files navigation

Xkeys (BurpSuite Extension)

Description

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage. and lists them as information issues.

Type : Passive Scanner

Setup

  • Setup the python environment by providing the Jython.jar file in the 'Options' tab under 'Extender' in Burp Suite.
  • Download the BurpSuite-Xkeys.zip.
  • In the 'Extensions' tab under 'Extender', select 'Add'.
  • Change the extension type to 'Python'.
  • Provide the path of the file "Xkeys.py" and click on 'Next'.

Usage

  • The extension will start identifying assets through passive scan.

Result

  • The extension will show on issues box and on output extender

Possible Value Extraction

{keyword}=<value>
{keyword}= <value>
{keyword} =<value>
{keyword} = <value>
{keyword}'='<value>'
{keyword}'= '<value>'
{keyword}' ='<value>'
{keyword}' = '<value>'
{keyword}"="<value>"
{keyword}"= "<value>"
{keyword}" ="<value>"
{keyword}" = "<value>"
{keyword}":"<value>"
{keyword}": "<value>"
{keyword}" :"<value>"
{keyword}" : "<value>"
{keyword}=<value>&

Requirements

Code Credits:

# PortSwigger example-scanner-checks: https://github.com/PortSwigger/example-scanner-checks
# RedHuntLabs BurpSuite-Asset_Discover: https://github.com/redhuntlabs/BurpSuite-Asset_Discover
  • Sec7or Team
  • Surabaya Hacker Link

About

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%