Xkeys (BurpSuite Extension)

Description

A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage. and lists them as information issues.

Type : Passive Scanner

Setup

Setup the python environment by providing the Jython.jar file in the 'Options' tab under 'Extender' in Burp Suite.
Download the BurpSuite-Xkeys.zip.
In the 'Extensions' tab under 'Extender', select 'Add'.
Change the extension type to 'Python'.
Provide the path of the file "Xkeys.py" and click on 'Next'.

Usage

The extension will start identifying assets through passive scan.

Result

The extension will show on issues box and on output extender

Possible Value Extraction

{keyword}=<value>
{keyword}= <value>
{keyword} =<value>
{keyword} = <value>
{keyword}'='<value>'
{keyword}'= '<value>'
{keyword}' ='<value>'
{keyword}' = '<value>'
{keyword}"="<value>"
{keyword}"= "<value>"
{keyword}" ="<value>"
{keyword}" = "<value>"
{keyword}":"<value>"
{keyword}": "<value>"
{keyword}" :"<value>"
{keyword}" : "<value>"
{keyword}=<value>&

Requirements

Code Credits:

# PortSwigger example-scanner-checks: https://github.com/PortSwigger/example-scanner-checks
# RedHuntLabs BurpSuite-Asset_Discover: https://github.com/redhuntlabs/BurpSuite-Asset_Discover

Sec7or Team
Surabaya Hacker Link

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
Screenshot		Screenshot
README.md		README.md
Xkeys.py		Xkeys.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Xkeys (BurpSuite Extension)

Description

Setup

Usage

Result

Possible Value Extraction

Requirements

Code Credits:

About

Releases

Packages

Languages

vsec7/BurpSuite-Xkeys

Folders and files

Latest commit

History

Repository files navigation

Xkeys (BurpSuite Extension)

Description

Setup

Usage

Result

Possible Value Extraction

Requirements

Code Credits:

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages