GAP-Burp-Extension - Burp Extension To Find Potential Endpoints, Parameters, And Generate A Custom Target Wordlist
This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters on, and produces a target specific wordlist to use for fuzzing. The full Help documentation can be found here or from the Help icon on the GAP tab.
TL;DR
Installation
- Visit Jython Offical Site, and download the latest stand alone JAR file, e.g.
jython-standalone-2.7.3.jar
. - Open Burp, go to Extensions -> Extension Settings -> Python Environment, set the Location of Jython standalone JAR file and Folder for loading modules to the directory where the Jython JAR file was saved.
- On a command line, go to the directory where the jar file is and run
java -jar jython-standalone-2.7.3.jar -m ensurepip
. - Download the
GAP.py
andrequirements.txt
from this project and place in the same directory. - Install Jython modules by running
java -jar jython-standalone-2.7.3.jar -m pip install -r requirements.txt
. - Go to the Extensions -> Installed and click Add under Burp Extensions.
- Select Extension type of Python and select the GAP.py file.
Using
- Just select a target in your Burp scope (or multiple targets), or even just one subfolder or endpoint, and choose extension GAP:
Or you can right click a request or response in any other context and select GAP from the Extensions menu.
- Then go to the GAP tab to see the results:
IMPORTANT Notes
If you don't need one of the modes, then un-check it as results will be quicker.
If you run GAP for one or more targets from the Site Map view, don't have them expanded when you run GAP... unfortunately this can make it a lot slower. It will be more efficient if you run for one or two target in the Site Map view at a time, as huge projects can have consume a lot of resources.
If you want to run GAP on one of more specific requests, do not select them from the Site Map tree view. It will be a lot quicker to run it from the Site Map Contents view if possible, or from proxy history.
It is hard to design GAP to display all controls for all screen resolutions and font sizes. I have tried to deal with the most common setups, but if you find you cannot see all the controls, you can hold down the Ctrl
button and click the GAP logo header image to remove it to make more space.
The Words mode uses the beautifulsoup4
library and this can be quite slow, so be patient!
In Depth Instructions
Below is an in-depth look at the GAP Burp extension, from installing it successfully, to explaining all of the features.
NOTE: This video is from 16th July 2023 and explores v3.X, so any features added after this may not be featured.
TODO
- Get potential parameters from the Request that Burp doesn't identify itself, e.g. XML, graphql, etc.
- Add an option to not add the
Tentaive
Issues, e.g. Parameters that were found in the Response (but not as query parameters in links found). - Improve performance of the link finding regular expressions.
- Include the Request/Response markers in the raised Sus parameter Issues if I can find a way to not make performance really bad!
- Deal with other size displays and font sizes better to make sure all controls are viewable.
- If multiple Site Map tree targets are selected, write the files more efficiently. This can take forever in some cases.
- Use an alternative to
beautifulsoup4
that is faster to parse responses for Words.
Good luck and good hunting! If you really love the tool (or any others), or they helped you find an awesome bounty, consider BUYING ME A COFFEE! ☕ (I could use the caffeine!)
đ¤ /XNL-h4ck3r
Via: www.kitploit.com