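"""ParamsExtractor: a Burp Suite (Jython) extension that collects the names of
parameters seen in in-scope requests and lists them in a suite tab.

The collected names can be cleared or exported to a text file from the tab.
Parameter names come from untrusted traffic; they are only displayed as text
and written to the file the user picks, never interpreted.
"""
from burp import IBurpExtender
from burp import IScannerCheck
from burp import IScanIssue
from array import array
import sys
from javax import swing
from java.awt import Font, Color
from javax.swing import JFileChooser
from burp import ITab


class BurpExtender(IBurpExtender, IScannerCheck, ITab):
    """Extension entry point: a passive scanner check plus a log tab."""

    def registerExtenderCallbacks(self, callbacks):
        """Wire the extension into Burp.

        Stores the callbacks/helpers, routes stdout/stderr to the
        extension's Output/Errors panes, registers this object as a
        scanner check and adds the log tab to the suite.
        """
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()

        callbacks.setExtensionName("ParamsExtractor")

        # print() output and tracebacks land in the extension's own panes.
        sys.stdout = callbacks.getStdout()
        sys.stderr = callbacks.getStderr()

        callbacks.registerScannerCheck(self)
        self.initUI()
        callbacks.addSuiteTab(self)

    def initUI(self):
        """Build the Swing panel: a title label, a scrollable text area
        holding the log, and Clear/Export buttons stacked in one column."""
        self.tab = swing.JPanel()

        self.outputLabel = swing.JLabel("ParamsExtractor log : ")
        self.outputLabel.setFont(Font("Tahoma", Font.BOLD, 14))
        self.outputLabel.setForeground(Color(255, 102, 52))
        self.logPane = swing.JScrollPane()
        self.outputTxtArea = swing.JTextArea()
        self.outputTxtArea.setFont(Font("Consolas", Font.PLAIN, 12))
        self.outputTxtArea.setLineWrap(True)
        self.logPane.setViewportView(self.outputTxtArea)
        self.clearBtn = swing.JButton("Clear Log", actionPerformed=self.clearLog)
        self.exportBtn = swing.JButton("Export Log", actionPerformed=self.exportLog)
        # Kept as an attribute for compatibility; exportLog builds its own chooser.
        self.parentFrm = swing.JFileChooser()

        layout = swing.GroupLayout(self.tab)
        layout.setAutoCreateGaps(True)
        layout.setAutoCreateContainerGaps(True)
        self.tab.setLayout(layout)

        def stacked(group):
            """Add the four widgets, top to bottom, to *group* and return it."""
            for component in (self.outputLabel, self.logPane,
                              self.clearBtn, self.exportBtn):
                group.addComponent(component)
            return group

        # Group nesting is unchanged: a single column of widgets.
        layout.setHorizontalGroup(
            layout.createParallelGroup()
                  .addGroup(layout.createSequentialGroup()
                                  .addGroup(stacked(layout.createParallelGroup()))))

        layout.setVerticalGroup(
            layout.createParallelGroup()
                  .addGroup(layout.createParallelGroup()
                                  .addGroup(stacked(layout.createSequentialGroup()))))

    def getTabCaption(self):
        """Title shown on the suite tab (ITab)."""
        return "ParamsExtractor"

    def getUiComponent(self):
        """Root Swing component of the suite tab (ITab)."""
        return self.tab

    def _check_params(self, reqInfo):
        """Return the distinct parameter names of *reqInfo* in first-seen order.

        reqInfo is an IRequestInfo; every parameter Burp reports for the
        request is considered and only its name is kept.
        """
        findings = []
        seen = set()  # O(1) membership instead of scanning the list each time
        for param in reqInfo.getParameters():
            name = param.getName()
            if name not in seen:
                seen.add(name)
                findings.append(name)
        return findings

    def clearLog(self, event):
        """'Clear Log' button handler: empty the text area."""
        self.outputTxtArea.setText("")

    def exportLog(self, event):
        """'Export Log' button handler: write the log text to a user-chosen file.

        A cancelled or closed chooser leaves no selection, so nothing is
        written. Write errors are reported on the extension's error stream
        rather than propagating out of the Swing event thread.
        """
        chooseFile = JFileChooser()
        ret = chooseFile.showDialog(self.logPane, "Choose file")
        if ret != JFileChooser.APPROVE_OPTION:
            return
        selected = chooseFile.getSelectedFile()
        if selected is None:
            return
        filename = selected.getCanonicalPath()
        print("\n" + "Export to : " + filename)
        try:
            # The context manager closes the handle once the text is flushed.
            with open(filename, 'w') as log_file:
                log_file.write(self.outputTxtArea.getText())
        except IOError as err:
            sys.stderr.write("Export failed: %s\n" % err)

    def doPassiveScan(self, baseRequestResponse):
        """Passive scanner hook: append unseen parameter names of in-scope requests.

        Always returns None -- this extension raises no scan issues, it only
        writes to the tab. A name is skipped only when it already occupies a
        whole line of the log (a plain substring test would hide e.g. "id"
        once "userid" had been logged).
        """
        url = self._helpers.analyzeRequest(baseRequestResponse).getUrl()
        if not self._callbacks.isInScope(url):
            print("Out of Scope")
            print(url)
            return None

        analyzed = self._helpers.analyzeRequest(
            baseRequestResponse.getHttpService(), baseRequestResponse.getRequest())
        names = self._check_params(analyzed)  # already de-duplicated
        if not names:
            return None

        logged = set(self.outputTxtArea.getText().splitlines())
        for name in names:
            line = str(name)
            if line not in logged:
                logged.add(line)
                self.outputTxtArea.append(line + "\n")
        return None

    def doActiveScan(self, baseRequestResponse, insertionPoint):
        """IScannerCheck hook for active scans; this extension has no active checks."""
        return None

    def consolidateDuplicateIssues(self, existingIssue, newIssue):
        """IScannerCheck hook: -1 tells Burp to keep only the existing issue.

        Not reached in practice since no scan issues are ever reported.
        """
        return -1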
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ParamsExtractor 2 | A Burp Suite plugin that extracts all parameter names from in-scope requests. 3 | 4 | You can run the plugin while you are working on the target application, and it will log every extracted parameter name in the plugin tab. 5 | Then you can export the result to a file and use that file with other parameter-discovery tools. 6 | 7 | --------------------------------------------------------------------------------