{"id":13845532,"url":"https://github.com/Impact-I/x8-Burp","last_synced_at":"2025-07-12T02:31:49.912Z","repository":{"id":37238460,"uuid":"387094717","full_name":"Impact-I/x8-Burp","owner":"Impact-I","description":"Hidden parameters discovery suite","archived":false,"fork":false,"pushed_at":"2022-11-14T10:49:05.000Z","size":16262,"stargazers_count":218,"open_issues_count":1,"forks_count":42,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-08-05T17:44:42.433Z","etag":null,"topics":["api-testing","bugbounty","content-discovery","parameter-discovery","recon"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Impact-I.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-07-18T05:05:24.000Z","updated_at":"2024-07-18T18:39:29.000Z","dependencies_parsed_at":"2023-01-20T19:45:40.119Z","dependency_job_id":null,"html_url":"https://github.com/Impact-I/x8-Burp","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Impact-I%2Fx8-Burp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Impact-I%2Fx8-Burp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Impact-I%2Fx8-Burp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Impact-I%2Fx8-Burp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Impact-I","download_url":"https://codeload.github.com/Impact-I/x8-Burp/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225784733,"owners_count":17523698,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-testing","bugbounty","content-discovery","parameter-discovery","recon"],"created_at":"2024-08-04T17:03:27.615Z","updated_at":"2024-11-21T18:32:13.438Z","avatar_url":"https://github.com/Impact-I.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"[![Twitter](https://img.shields.io/twitter/follow/lmpact_l.svg?logo=twitter)](https://twitter.com/lmpact_l)\n\n![stars](https://img.shields.io/github/stars/Impact-I/x8-Burp)\n[![github_downloads](https://img.shields.io/github/downloads/Impact-I/x8-Burp/total?label=downloads\u0026logo=github)](https://github.com/Impact-I/x8-Burp/releases/tag/v0.1.2)\n\u003ch3 align=\"center\"\u003eThis app is no longer supported\u003c/h3\u003e\n\n#\n\n\n\n\n\n\nThe tool helps to find hidden parameters that can be vulnerable or can reveal interesting functionality that other hunters miss. Greater accuracy is achieved thanks to the line-by-line comparison of pages, comparison of response code and reflections.\n\n## Features\n\n- Selecting multiple requests from the Proxy or Repeater tab.\n- Each selected request is executed in a separate thread.\n- Automatic Issue creation when hidden parameter is found.\n- HTTP/2 Support.\n- Requests with detected parameters are visible in the Proxy tab.\n- Issue is added with severity `Information` when WAF is detected.\n- Automatic detection of injection point. If the request body exists, then parameters in URL-Query are ignored.\n- Custom injection point can be defined using `%s` or `\u0026%s`\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://user-images.githubusercontent.com/87244850/125835832-a24d2cec-4dc1-4ffd-afff-12f4e99c409c.png\" width=\"79%\"/\u003e\u003c/p\u003e\n\n## Usage\n- There are four search choices available: \n    - Small Wordlist (Recommended, `25000` words, 5 threads)\n    - Large Wordlist (`63000` words, 15 threads)\n    - x8083 - all request will be proxied via port 8083 (for example, you can configure the port in Burp)\n    - Debug Params - the minimum number of requests to detect only debug parameters and parameters based on response\n\n\u003cp align=\"center\"\u003e\u0026#160;\u0026#160;\u0026#160;\u0026#160;\u0026#160;\u0026#160;\u003cimg src=\"https://user-images.githubusercontent.com/87244850/125835974-5679ec1a-0126-48a2-82ba-1861c94ed551.png\" width=\"83%\"/\u003e\u003c/p\u003e\n\n\n## Test\nFeel free to check whether the tool works as expected and compare it with other tools at https://4rt.one/index.html There are 2 reflected parameters, 4 parameters that change code/headers/body, and one extra parameter with a not random value.\n\n## Detected parameters\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://user-images.githubusercontent.com/87244850/125836031-681af553-c3ef-4314-a431-dd34e49fdb86.png\" width=\"83%\"/\u003e\u003c/p\u003e\n\n## Acknowledgement\nThanks to [Sh1Yo](https://github.com/Sh1Yo) for the wonderful x8 utility. He added special functions into it so that we could write this wrapper. We also spotted some bugs, specifically in HTTP/2, for Burp Suite compatibility. To examine and understand the project in detail, or if you need a command line version, click [here](https://github.com/Sh1Yo/x8).\n\n## To Do\n- [ ] Implementation of a panel for configuring custom proxy\n- [x] Windows version\n- [ ] Implementation of a choice - `25000` words, 1 thread\n- [ ] Publish to BApp Store\n\n## Demo\n\u003cp align=\"center\"\u003e\u003ca href=\"https://www.youtube.com/watch?v=ou8m5jiP4qI\"\u003e\u003cimg src=\"https://user-images.githubusercontent.com/87244850/126552382-10421e67-930a-48fe-aaac-0d84a81a05ca.png\" width=\"80%\"/\u003e\u003c/a\u003e\u003c/p\u003e\n\n## Installation\nYou need to configure [Jython Standalone](https://www.jython.org/download.html) path in Burp Suite Extender options. \u003cbr\u003e\nAs this is a wrapper, a [precompiled binary](https://github.com/Sh1Yo/x8/releases/tag/v2.5.0) is used.\n- Linux\n    - from releases\n        ```bash\n        Burp -\u003e Extender -\u003e ./x8-Burp/linux_x8.py\n        ```\n- Windows\n    - from releases\n        ```bash\n        Burp -\u003e Extender -\u003e ./x8-Burp/win_x8.py\n        ```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FImpact-I%2Fx8-Burp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FImpact-I%2Fx8-Burp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FImpact-I%2Fx8-Burp/lists"}