Become an AceSign inSign up
vsec7/ BurpSuite-Xkeys
Python pentesting burp-extensions burpsuite
View on GitHub
Need help with BurpSuite-Xkeys?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

vsec7
158 Stars 38 Forks 8 Commits 2 Opened issues

Description

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.

Services available

!
?

Need anything else?

Contributors list

No Data

Xkeys (BurpSuite Extension)

Description

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage. and lists them as information issues.

Type : Passive Scanner

Setup

  • Setup the python environment by providing the Jython.jar file in the 'Options' tab under 'Extender' in Burp Suite.
  • Download the BurpSuite-Xkeys.zip.
  • In the 'Extensions' tab under 'Extender', select 'Add'.
  • Change the extension type to 'Python'.
  • Provide the path of the file "Xkeys.py" and click on 'Next'.

Usage

  • The extension will start identifying assets through passive scan.

Result

  • The extension will show on issues box and on output extender

Possible Value Extraction

{keyword}=
{keyword}= 
{keyword} =
{keyword} = 
{keyword}'=''
{keyword}'= ''
{keyword}' =''
{keyword}' = ''
{keyword}"=""
{keyword}"= ""
{keyword}" =""
{keyword}" = ""
{keyword}":""
{keyword}": ""
{keyword}" :""
{keyword}" : ""
{keyword}=&

Requirements

Code Credits:

# PortSwigger example-scanner-checks: https://github.com/PortSwigger/example-scanner-checks
# RedHuntLabs BurpSuite-Asset_Discover: https://github.com/redhuntlabs/BurpSuite-Asset_Discover
  • Sec7or Team
  • Surabaya Hacker Link

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.