Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/vsec7/BurpSuite-Xkeys

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
https://github.com/vsec7/BurpSuite-Xkeys

burp-extensions burpsuite hacking osint pentest-tool pentesting

Last synced: 2 months ago
JSON representation

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Awesome Lists containing this project

README 

        
# Xkeys (BurpSuite Extension)




## Description

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage. and lists them as information issues.



Type : Passive Scanner



# Setup




- Setup the python environment by providing the Jython.jar file in the 'Options' tab under 'Extender' in Burp Suite.

- Download the BurpSuite-Xkeys.zip.

- In the 'Extensions' tab under 'Extender', select 'Add'.

- Change the extension type to 'Python'.

- Provide the path of the file "Xkeys.py" and click on 'Next'.



# Usage

- The extension will start identifying assets through passive scan.



## Result

- The extension will show on issues box and on output extender




## Possible Value Extraction

```

{keyword}=

{keyword}= 

{keyword} =

{keyword} = 

{keyword}'=''

{keyword}'= ''

{keyword}' =''

{keyword}' = ''

{keyword}"=""

{keyword}"= ""

{keyword}" =""

{keyword}" = ""

{keyword}":""

{keyword}": ""

{keyword}" :""

{keyword}" : ""

{keyword}=&

```



## Requirements

- [Jython 2.7.0](https://www.jython.org/download.html)

- [Burp Suite Pro](https://portswigger.net/burp)



## Code Credits:

```

# PortSwigger example-scanner-checks: https://github.com/PortSwigger/example-scanner-checks

# RedHuntLabs BurpSuite-Asset_Discover: https://github.com/redhuntlabs/BurpSuite-Asset_Discover

```



- Sec7or Team

- Surabaya Hacker Link