Skip to content

Allows you to trace where inputs are reflected back to the user.

License

Notifications You must be signed in to change notification settings

penafieljlm/burp-tracer

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Burp Tracer

This is a simple extension for Burp Suite which takes your current site map, extracts each request parameter, and searches for responses where its value is present. This tool was developed with output validation testing (e.g. XSS) in mind.

The tool respects the scope that you indicated in the "Scope" tab of the "Target" module.

Alt text

Installation

  1. Clone this repository somewhere or download tracer.py
  2. Download Jython (http://www.jython.org/downloads.html) and install it anywhere you like.
  3. In Burp Suite, go to Extender > Options > Python Environment > Select File
  4. In the browsing window, go to the install location of Jython and select jython.jar
  5. In Burp Suite, go to Extender > Extensions > Add
  6. In the Extension Type dropdown, select Python
  7. In the Extension File field, select the tracer.py file that you acquired earlier
  8. A new Tracer tab should pop up in Burp Suite

Usage

It's simple. Just click "Start" and wait for it to complete.

The output tree's hierarchy is formatted in the following order:

  • Input Website
  • Input Endpoint
  • Input Request
  • Input Parameter
  • Output Website
  • Output Endpoint
  • Output Request
  • Output Excerpts

This way, you can see the corresponding responses where each input value is rendered.

FAQs

How is this different from Reflected Parameters or the "Input Returned" result generated by the Scanner?

I honestly can't say for sure since, as of the time I wrote the tool, I never touched the Scanner nor the Reflected Parameters extension (primarily because I'm too poor to afford Burp Suite Pro).

However, by reading the description of the Reflected Parameters extension...

This extension monitors traffic and looks for request parameter values (longer than 3 characters) that are reflected in the response.

...I can say that the main difference between this tool and Reflected Parameters is that the parameter values in Reflected Parameters are searched for in the corresponding response of the request that issued the parameter rather than the entire site map.

Tracer searches the entire site map. So, say for example, you registered an account for a website. You issued the username parameter to the /register.php endpoint. Reflected Parameters would light up if the corresponding response to the POST to /register.php contains the username you entered. Tracer, on the other hand, would light up even if the corresponding response to /register.php doesn't contain the username you entered as long as it pops up elsewhere in the site.

How is this different from simply searching for parameter values using Ctrl+F?

Well, one, you're not going to have to manually sift through all parameter values present on your site map and do a search for each and every one of them. This tool hunts down those parameter values for you and does the searching for you at the same time.

About

Allows you to trace where inputs are reflected back to the user.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages