Burp Sensitive Param Extractor Save

burpsuite extension for check and extract sensitive request parameter

Project README

burp-sensive-param-extractor

概述

检测并提取请求参数中的敏感参数名,如userid,username,方便测试越权漏洞,并形成敏感参数字典。

关于该插件的实现细节,参考burpsuite插件开发总结

快速开始

param-regular.cfg:参数正则配置文件,id表示请求参数中包含id的参数,如userid,idcard等。

sensitive-params.txt:参数字典文件。

支持4种参数检测

self.requestParamDict['urlParams'] = []

self.requestParamDict['BodyParams'] = []

self.requestParamDict['cookieParams'] = []

self.requestParamDict['jsonParams'] = []

界面右侧的列表即参数正则,可实时增删,删除只需单击列表元素再点击删除按钮即可。

反馈

issues

Open Source Agenda is not affiliated with "Burp Sensitive Param Extractor" Project. README Source: theLSA/burp-sensitive-param-extractor
Stars
107
Open Issues
0
Last Commit
3 years ago
Repository
theLSA/burp-sensitive-param-extractor
License
MIT
Tags
Burp Plugin Burpsuite Checker Extractor Parameters Sensitive

Open Source Agenda Badge

Open Source Agenda Rating
Submit Review Review Your Favorite Project
Submit Resource Articles, Courses, Videos
Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?