Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/Impact-I/x8-Burp

Hidden parameters discovery suite
https://github.com/Impact-I/x8-Burp

api-testing bugbounty content-discovery parameter-discovery recon

Last synced: about 1 month ago
JSON representation

Hidden parameters discovery suite

Host: GitHub
URL: https://github.com/Impact-I/x8-Burp
Owner: Impact-I
License: gpl-3.0
Created: 2021-07-18T05:05:24.000Z (about 3 years ago)
Default Branch: main
Last Pushed: 2022-11-14T10:49:05.000Z (almost 2 years ago)
Last Synced: 2024-06-06T22:47:16.134Z (3 months ago)
Topics: api-testing, bugbounty, content-discovery, parameter-discovery, recon
Language: Python
Homepage:
Size: 15.5 MB
Stars: 217
Watchers: 5
Forks: 42
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - Impact-I/x8-Burp - Hidden parameters discovery suite (Python)

README

[![Twitter](https://img.shields.io/twitter/follow/lmpact_l.svg?logo=twitter)](https://twitter.com/lmpact_l)

![stars](https://img.shields.io/github/stars/Impact-I/x8-Burp)
[![github_downloads](https://img.shields.io/github/downloads/Impact-I/x8-Burp/total?label=downloads&logo=github)](https://github.com/Impact-I/x8-Burp/releases/tag/v0.1.2)

This app is no longer supported

The tool helps to find hidden parameters that can be vulnerable or can reveal interesting functionality that other hunters miss. Greater accuracy is achieved thanks to the line-by-line comparison of pages, comparison of response code and reflections.

## Features

- Selecting multiple requests from the Proxy or Repeater tab.
- Each selected request is executed in a separate thread.
- Automatic Issue creation when hidden parameter is found.
- HTTP/2 Support.
- Requests with detected parameters are visible in the Proxy tab.
- Issue is added with severity `Information` when WAF is detected.
- Automatic detection of injection point. If the request body exists, then parameters in URL-Query are ignored.
- Custom injection point can be defined using `%s` or `&%s`

## Usage
- There are four search choices available:
- Small Wordlist (Recommended, `25000` words, 5 threads)
- Large Wordlist (`63000` words, 15 threads)
- x8083 - all request will be proxied via port 8083 (for example, you can configure the port in Burp)
- Debug Params - the minimum number of requests to detect only debug parameters and parameters based on response

## Test
Feel free to check whether the tool works as expected and compare it with other tools at https://4rt.one/index.html There are 2 reflected parameters, 4 parameters that change code/headers/body, and one extra parameter with a not random value.

## Detected parameters

## Acknowledgement
Thanks to [Sh1Yo](https://github.com/Sh1Yo) for the wonderful x8 utility. He added special functions into it so that we could write this wrapper. We also spotted some bugs, specifically in HTTP/2, for Burp Suite compatibility. To examine and understand the project in detail, or if you need a command line version, click [here](https://github.com/Sh1Yo/x8).

## To Do
- [ ] Implementation of a panel for configuring custom proxy
- [x] Windows version
- [ ] Implementation of a choice - `25000` words, 1 thread
- [ ] Publish to BApp Store

## Demo

## Installation
You need to configure [Jython Standalone](https://www.jython.org/download.html) path in Burp Suite Extender options.

As this is a wrapper, a [precompiled binary](https://github.com/Sh1Yo/x8/releases/tag/v2.5.0) is used.
- Linux
- from releases
```bash
Burp -> Extender -> ./x8-Burp/linux_x8.py
```
- Windows
- from releases
```bash
Burp -> Extender -> ./x8-Burp/win_x8.py
```