jianfen's blog

Information is beautiful

burp_jspath



https://github.com/j1anFen/burp_jspath


获取js文件和html中 <script> 标签内容中的接口,用于渗透中发现隐藏API,未授权访问等漏洞。


插件使用了linkfinder探测js中路径的正则语句。

environment

  • jpython 2.7
  • BurpSuite Proxy

Features

  • get js file path
  • get html script tags path
  • filter assets content

Usage

Import this extension of Burp Suite.

Save to log file when there is more content.

Reference

regexp code

https://github.com/GerbenJavado/LinkFinder/blob/master/linkfinder.py#L29


添加新评论 »

在这里输入你的评论...

勿忘初心,方得始终.