https://github.com/vsec7/BurpSuite-Xkeys

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

burp-extensions burpsuite hacking osint pentest-tool pentesting


# Xkeys (BurpSuite Extension)

## Description
A Burp Suite extension that extracts interesting strings (keys, secrets, tokens, etc.) from a webpage and lists them as information issues.

Type: Passive Scanner

# Setup

- Set up the Python environment by providing the Jython.jar file in the 'Options' tab under 'Extender' in Burp Suite.
- Download the BurpSuite-Xkeys.zip.
- In the 'Extensions' tab under 'Extender', select 'Add'.
- Change the extension type to 'Python'.
- Provide the path of the file "Xkeys.py" and click on 'Next'.

# Usage
- The extension will start identifying assets through passive scanning.

## Result
- Results are shown in the issues box and in the extender output.

## Possible Value Extraction
```
{keyword}=
{keyword}=
{keyword} =
{keyword} =
{keyword}'=''
{keyword}'= ''
{keyword}' =''
{keyword}' = ''
{keyword}"=""
{keyword}"= ""
{keyword}" =""
{keyword}" = ""
{keyword}":""
{keyword}": ""
{keyword}" :""
{keyword}" : ""
{keyword}=&
```
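The shapes listed above, matched by one regular expression per keyword, as an added example (standalone Python, not the extension's own code, which is not shown on this page). The keyword list, the function names `build_pattern`, `extract` and `redact`, and the sample body are assumptions; the pattern is slightly more general than the list, since it also accepts an unquoted key followed by a quoted value.

```python
import re

# Constructed keyword list; the extension's own list is not shown on this page.
KEYWORDS = ("api_key", "secret", "token")

def build_pattern(keyword):
    """Compile one regex covering the README's assignment shapes for a keyword."""
    return re.compile(
        re.escape(keyword)
        + r"""['"]?"""                       # quote closing a quoted key, if any
        + r""" ?[=:] ?"""                    # '=' or ':' with at most one space each side
        + r"""(?:(?P<q>['"])(?P<quoted>[^'"\r\n]+)(?P=q)"""  # 'value' or "value"
        + r"""|(?P<bare>[^\s&'"<>;,]+))""",  # bare value, ends at whitespace or '&'
        re.IGNORECASE,
    )

PATTERNS = {kw: build_pattern(kw) for kw in KEYWORDS}

def extract(body):
    """Return sorted, de-duplicated (keyword, value) pairs found in a response body."""
    found = set()
    for kw, pattern in PATTERNS.items():
        for m in pattern.finditer(body):
            found.add((kw, m.group("quoted") or m.group("bare")))
    return sorted(found)

def redact(value, keep=4):
    """Mask a value for reporting so the issue text does not re-leak the secret."""
    return value[:keep] + "*" * max(len(value) - keep, 0)

# Constructed sample response body (not captured traffic).
SAMPLE = """
<script>var cfg = {"api_key": "AKx9-constructed-01", "debug": false};</script>
<a href="/cb?token=tk_constructed_02&next=/home">continue</a>
<!-- secret = 's3_constructed_03' -->
<p>Reset your token if you lose it.</p>
"""

if __name__ == "__main__":
    for kw, value in extract(SAMPLE):
        print("%-8s %s" % (kw, redact(value)))
```

The plain-text mention of "token" in the last sample line produces no finding, because a keyword only counts when it is followed by `=` or `:` and a value.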

## Requirements
- [Jython 2.7.0](https://www.jython.org/download.html)
- [Burp Suite Pro](https://portswigger.net/burp)

## Code Credits:
```
# PortSwigger example-scanner-checks: https://github.com/PortSwigger/example-scanner-checks
# RedHuntLabs BurpSuite-Asset_Discover: https://github.com/redhuntlabs/BurpSuite-Asset_Discover
```

- Sec7or Team
- Surabaya Hacker Link