DataExtractor | Burp Suite plugin | extract specified data from source code

Data Extractor - DataExtractor

A simple Burp Suite extension to extract data from source code.

Features

  • In-scope parsing
  • File extensions to ignore
  • Regexp-based file exclusion
  • Multiple tabs, multiple purposes
  • Regexp-based data extraction
  • Regexp-based result exclusion
  • Data export

Installation

First, make sure Jython is loaded and configured before installing.

  • Clone this repository
  • In the Extender tab, click the "Add" button
  • Set "Extension type" to "Python"
  • Browse to the cloned folder and select DataExtractor.py as the "Extension file"

The extension should load and is now ready to perform passive scanning.

If Jython is not installed, download it from:
https://www.jython.org/download

After installing Jython, open Burp and configure it:

[screenshot: Jython configuration in Burp]

Import the plugin:

[screenshot: loading the extension in the Extender tab]

Help

  • Clicking any "Apply changes" button saves all your settings
  • Settings / Follow scope rules: do not parse URLs outside the scope defined in the Target Scope tab
  • Settings / Remove duplicates: remove duplicates from the Data tab
  • Settings / Ignore extensions: do not parse URLs with these extensions
  • Settings / Ignore files: do not parse these files (regexp allowed), JSON format: ["jquery.min.js", ".png", ...]
    Important: the regexps here are case-insensitive by design
  • Custom tab / Config: list of regexps to search for, JSON format: {"key1":"regexp1", "?key2":"regexp2", ...}
    If the first character of a key is '?' or '*', the key is not printed in the Data tab
    Important: the regexps here are case sensitive; prefix the whole regexp with "(?i)" to make it case-insensitive
    Important: you must configure at least one group with parentheses "()" to capture something, because group(1) is used as the result; to ignore a group, prefix the group itself with "?:"
  • Custom tab / Remove from results: remove those results from the Data tab (regexp allowed), JSON format: ["http://$", "application/javascript", ...]
    Important: the regexps here are case-insensitive by design

Regexp configuration examples

All configuration text areas must be valid JSON associative arrays (key/value), so watch every comma and quote. A check runs as soon as the settings are saved; make sure everything is fine in the Output/Errors tab of the Extender tab.
Note that all keys must be distinct.

Subdomains (case-insensitive):

{
"*dummykey1":"(?i)(([0-9a-z_\\-\\.]+)\\.github\\.com)"
}

AWS keys and Slack tokens (case sensitive):

{
"slack token": "(xox[pboa]-[0-9]{10,12}-[0-9]{10,12}(-[0-9]{10,12})?-[a-zA-Z0-9]{24,32})",
"aws key": "((AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,})"
}

See the file myregexp for all my regexps.
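The rules from the Help section (group(1) is the result, keys starting with '?' or '*' are hidden, removal patterns are case-insensitive, duplicates can be dropped, the configuration must be a JSON object with distinct keys, and URLs can be skipped by extension or by regexp) can be exercised offline before a configuration is pasted into Burp. The script below is an added example, not code from the DataExtractor extension: the function names, the constructed response body and the dummy token values are assumptions made here; the regexps and removal patterns are the ones given on this page.

```python
"""Offline harness for a DataExtractor-style regexp configuration.

Added example, not the extension's own code. It mirrors the rules the Help
section states so a configuration can be tested before loading it in Burp.
Function names and all sample inputs are constructed for this example.
"""
import json
import re
from urllib.parse import urlsplit

# Constructed configuration; the regexps are the page's own examples.
SAMPLE_CONFIG = r'''{
"*subdomain": "(?i)(([0-9a-z_\\-\\.]+)\\.github\\.com)",
"*url": "['\"](http[s]?://.*?)['\"]",
"slack token": "(xox[pboa]-[0-9]{10,12}-[0-9]{10,12}(-[0-9]{10,12})?-[a-zA-Z0-9]{24,32})",
"aws key": "((AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,})"
}'''

# Constructed "Remove from results" list, taken from the page's ignore example.
SAMPLE_REMOVALS = ["http://$", "googleapis.com", "sha256.*$"]

# Constructed response body; the token-like strings are dummy values.
SAMPLE_BODY = r'''
var api = "https://api.github.com/repos";
<script src="https://fonts.googleapis.com/css"></script>
var slack = 'xoxb-0000000000-1111111111-AbCdEfGhIjKlMnOpQrStUvWx';
aws_key = "AKIAEXAMPLEEXAMPLE00"; aws_key_again = "AKIAEXAMPLEEXAMPLE00";
'''


def parse_config(text):
    """Parse the Custom tab JSON, rejecting what the save-time check would.

    Returns {key: compiled pattern}. json.loads silently keeps only the last
    of two identical keys, so duplicates are caught with object_pairs_hook.
    """
    def reject_duplicates(pairs):
        keys = [k for k, _ in pairs]
        dupes = sorted({k for k in keys if keys.count(k) > 1})
        if dupes:
            raise ValueError("duplicate keys: %s" % dupes)
        return dict(pairs)

    raw = json.loads(text, object_pairs_hook=reject_duplicates)
    if not isinstance(raw, dict):
        raise ValueError("configuration must be a JSON object (key/value pairs)")
    patterns = {}
    for key, regexp in raw.items():
        try:
            compiled = re.compile(regexp)
        except re.error as exc:
            raise ValueError("%r: invalid regexp (%s)" % (key, exc))
        if compiled.groups < 1:  # group(1) is the result, so one group is required
            raise ValueError("%r has no capturing group" % key)
        patterns[key] = compiled
    return patterns


def should_parse(url, ignored_extensions, ignored_files):
    """Settings tab rules: skip by file extension or by case-insensitive regexp.

    Assumption: the ignore-files regexp is matched against the full URL here.
    """
    last_segment = urlsplit(url).path.rsplit("/", 1)[-1]
    ext = last_segment.rsplit(".", 1)[-1].lower() if "." in last_segment else ""
    if ext in {e.lower().lstrip(".") for e in ignored_extensions}:
        return False
    return not any(re.search(p, url, re.IGNORECASE) for p in ignored_files)


def extract(patterns, body, removals=(), remove_duplicates=True):
    """Run every configured regexp over a response body.

    Returns (label, value) tuples in discovery order; label is None for keys
    beginning with '?' or '*', which the Data tab would not print.
    """
    removal_res = [re.compile(r, re.IGNORECASE) for r in removals]
    results, seen = [], set()
    for key, pattern in patterns.items():
        label = None if key[:1] in ("?", "*") else key
        for match in pattern.finditer(body):
            value = match.group(1)
            if value is None or any(r.search(value) for r in removal_res):
                continue
            if remove_duplicates:
                if (label, value) in seen:
                    continue
                seen.add((label, value))
            results.append((label, value))
    return results


if __name__ == "__main__":
    for label, value in extract(parse_config(SAMPLE_CONFIG), SAMPLE_BODY, SAMPLE_REMOVALS):
        print("%-12s %s" % (label or "[hidden]", value))
```

Running the script prints four findings: the GitHub subdomain and the API URL without a label, the dummy Slack token, and the dummy AWS key once, because the second occurrence is dropped as a duplicate and the googleapis.com URL is removed by the removal list. Feeding the same `parse_config` a configuration with a repeated key, or a regexp without a capturing group, fails the way the Extender Output/Errors tab would report it.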

Full regexps

----------------
Subdomains CI
----------------

{
"?aaa":"(?i)(([0-9a-z_\\-\\.]+)\\.10degres\\.net)",
"?bbb":"(?i)(([0-9a-z_\\-\\.]+)\\.github\\.com)"
}

----------------
Endpoints
----------------

{
"*1":"[\"]([a-zA-Z0-9\\-\\.\\?\\#&=_:/]+/[a-zA-Z0-9\\-\\.\\?\\#&=_:/]+)?[\"]",
"*2":"['\"\\(].*(http[s]?://.*?)['\"\\)]",
"*3":"['\"\\(](http[s]?://.*?).*['\"\\)]",
"*4":"['\"\\(]([^'\"\\(]*\\.sdirect[^'\"\\(]*?)['\"\\)]",
"*5":"['\"\\(]([^'\"\\(]*\\.htm[^'\"\\(]*?)['\"\\)]",
"*6":"['\"\\(]([^'\"\\(]*\\.html[^'\"\\(]*?)['\"\\)]",
"*7":"['\"\\(]([^'\"\\(]*\\.php[^'\"\\(]*?)['\"\\)]",
"*8":"['\"\\(]([^'\"\\(]*\\.asp[^'\"\\(]*?)['\"\\)]",
"*9":"['\"\\(]([^'\"\\(]*\\.aspx[^'\"\\(]*?)['\"\\)]",
"*10":"href\\s*=\\s*['](.*?)[']",
"*11":"href\\s*=\\s*[\"](.*?)[\"]",
"*12":"src\\s*=\\s*['](.*?)[']",
"*13":"src\\s*=\\s*[\"](.*?)[\"]",
"*14":"url\\s*[:=].*['](.*?)[']",
"*15":"url\\s*[:=].*?[\"](.*?)[\"]",
"*16":"urlRoot\\s*:.*['](.*?)[']",
"*17":"urlRoot\\s*:.*[\"](.*?)[\"]",
"*18":"endpoint[s]?\\s*:.*['](.*?)[']",
"*19":"endpoint[s]?\\s*:.*[\"](.*?)[\"]",
"*20":"['\"]script['\"]\\s*:\\s*['\"](.*?)['\"]",
"*21":"\\.ajax\\s*\\(\\s*['\"](.*?)['\"]",
"*22":"\\.get\\s*\\(\\s*['\"](.*?)['\"]",
"*23":"\\.post\\s*\\(\\s*['\"](.*?)['\"]",
"*24":"\\.load\\s*\\(\\s*['\"](.*?)['\"]"
}

----------------
Endpoints V2 CI
----------------

{
"*1":"(?i)[\"]([a-z0-9\\-\\.\\?\\#&=_:/]+/[a-z0-9\\-\\.\\?\\#&=_:/]+)?[\"]",
"*2":"(?i)['\"\\(].*(http[s]?://.*?)['\"\\)]",
"*3":"(?i)['\"\\(](http[s]?://.*?).*['\"\\)]",
"*4":"(?i)['\"\\(]([^'\"\\(]*\\.(?:sdirect|htm[l]|php|asp[x])[^'\"\\(]*?)['\"\\)]",
"*10":"(?i)(?:href|src|url)\\s*=\\s*['](.*?)[']",
"*11":"(?i)(?:href|src|url)\\s*=\\s*[\"](.*?)[\"]",
"*16":"(?i)(?:urlRoot|endpoint[s])\\s*:.*['](.*?)[']",
"*17":"(?i)(?:urlRoot|endpoint[s])\\s*:.*[\"](.*?)[\"]",
"*20":"(?i)['\"]script['\"]\\s*:\\s*['\"](.*?)['\"]",
"*21":"(?i)\\.(?:ajax|get|post|load)\\s*\\(\\s*['\"](.*?)['\"]"
}

Ignore:

[
"http://$",
"https://$",
"image/png$",
"application/javascript",
"application/json",
"googleapis.com",
"fontawesome.com",
"cloudflare.com",
"google-analytics.com",
"sha256.*$",
"sha512.*$",
"docs.aws.amazon.com",
"apple.com",
"data:.*"
]


----------------
KEYS
----------------

{
"s3 bucket": "([a-z0-9\\._-]*s3[a-z0-9\\.-]*\\.amazonaws\\.com[\\\\]?/?([a-z0-9\\._-]+)?)",
"slack token": "(xox[pboa](-[0-9]{8,15}){2,3}-[a-zA-Z0-9]{24,32})",
"noidea1": "(T[a-zA-Z0-9_]{8}[\\\\]?/B[a-zA-Z0-9_]{8}[\\\\]?/[a-zA-Z0-9_]{24})",
"aws key": "((AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,})",
"stripe key": "([psr]k_live_[0-9a-zA-Z]{24,34})",
"twilio api key": "((AC|SK)[0-9a-f]{32})",
"google key": "(AIza[0-9A-Za-z_-]{35})",
"google url": "([0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com)",
"google secret": "(([gG][oO][oO][gG][lL][eE]).{0,20}[ '\"=:\\(\\[{]+.{0,5}[0-9a-zA-Z_-]{24})",
"sendgrid api key": "(SG\\.[a-zA-Z0-9_-]{22}\\.[a-zA-Z0-9_-]{43})",
"mailchimp key": "([0-9a-f]{32}-us[0-9]{1,2})",
"mailgun key": "(key-[0-9a-zA-Z]{32})",
"square app scret": "(sq0(atp|csp)-[0-9A-Za-z_-]{22,43})",
"square personal token": "(EAAA[0-9a-zA-Z_-]{60})",
"paypal token": "(access_token\\$(live|production|sandbox)\\$[0-9a-z]{16}\\$[0-9a-f]{32})",
"noidea2": "([^0-9a-zA-Z_-][AE][0-9a-zA-Z_-]{79})",
"noidea3": "(A21AA[0-9a-zA-Z_-]{92})",
"facebook secret": "(([fF][aA][cC][eE][bB][oO][oO][kK]).{0,20}[ '\"=:\\(\\[{]+.{0,5}[0-9a-f]{32})",
"noidea4": "(EAACEdEose0cBA[0-9A-Za-z]+)",
"noidea5": "([0-9]{10,20}\\|[a-zA-Z0-9-]{20,30})",
"twitter secret1": "(([tT][wW][iI][tT][tT][eE][rR]).{0,20}[ '\"=:\\(\\[{]+.{0,5}[0-9a-zA-Z]{35,44})",
"twitter secret2": "(([tT][wW][iI][tT][tT][eE][rR]).{0,20}[ '\"=:\\(\\[{]+.{0,5}[1-9][0-9]+-[0-9a-zA-Z]{24,40})",
"noidea6": "(AAAAAAAAAAAAAAAAAAAAA[0-9A-Za-z%=\\+]+)",
"github token": "(ghp_[a-zA-Z0-9]{36})",
"github secret": "(([gG][iI][tT][hH][uU][bB]).{0,20}[ '\"=:\\(\\[{]+.{0,5}[0-9a-zA-Z]{35,40})",
"heroku secret": "(([hH][eE][rR][oO][kK][uU]).{0,20}[ '\"=:\\(\\[{]+.{0,5}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})",
"noidea7": "([a-z\\+]{3,}:[/]{1,3}[^:'\" ]{2,}:[^@'\" ]{3,}@[^'\" ]+)",
"google oauth access token": "(ya29\\.[0-9A-Za-z_-]+)",
"noidea8": "(amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})",
"subdomain takeover": "([a-zA-Z0-9_-]+\\.(firebaseio|azurewebsites|cloudapp|trafficmanager|herokuapp|cloudfront)\\.(com|net))",
"public/private key": "(\\-\\-\\-\\-\\-BEGIN[ ]+[A-Z]*[ ]*PRIVATE[ ]+KEY)",
"json web token": "(ey[A-Za-z0-9_=-]+\\.ey[A-Za-z0-9_=-]+\\.?[A-Za-z0-9_\\.+/=-]*)",
"whatever secret": "((access_key|access_secret|accesstoken|access_token|access-token|access_token_secret|\\.amazonaws\\.com|apikey|api_key|api-key|api_secret_key|api_token|app_key|auth|authkey|authorization|authorization_key|authorization_token|authtoken|auth_token|aws_access_key_id|aws_secret_access_key|azurewebsites|bearer|BEGIN EC PRIVATE KEY|BEGIN PGP PRIVATE KEY BLOCK|BEGIN PRIVATE KEY|BEGIN RSA PRIVATE KEY|bot_access_token|bucket|client_id|client_key|clientsecret|client_secret|client-secret|cloudapp|cloudfront|ConsumerKey|consumer_key|ConsumerSecret|consumer_secret|customer_secret|dbpasswd|DB_PASSWORD|DB_USERNAME|encryptionkey|encryption_key|encryption-key|fb_secret|firebaseio|gsecr|HEROKU_API_KEY|herokuapp|HOMEBREW_GITHUB_API_TOKEN|id_dsa|id_rsa|irc_pass|JEKYLL_GITHUB_TOKEN|key|npm_token|oauth_token|pass|password|perm|private|privatekey|secret|private_key|private-key|PT_TOKEN|rk_live_|secretkey|secret_key|secret-key|secret_token|session_key|session_secret|SESSION_TOKEN|SF_USERNAME|sk_live_|slack_api_token|SLACK_BOT_TOKEN|slack_secret_token|slack_token|sq0atp|sq0csp|sshkey|ssh_key|ssh-key|token|trafficmanager|username|user_secret|xoxa-2|xoxb-|xoxr)[a-zA-Z0-9_\\-\\.]{0,20}['\\\"]?\\s*[,:=\\[\\({]+)"
}

----------------
KEYS V2 CI
----------------

{
"s3 bucket": "(?i)([a-z0-9\\._-]*s3[a-z0-9\\.-]*\\.amazonaws\\.com[\\\\]?/?([a-z0-9\\._-]+)?)",
"slack token": "(xox[pboa]-[0-9]{10,12}-[0-9]{10,12}(-[0-9]{10,12})?-[a-zA-Z0-9]{24,32})",
"noidea1": "(T[a-zA-Z0-9_]{8}[\\\\]?/B[a-zA-Z0-9_]{8}[\\\\]?/[a-zA-Z0-9_]{24})",
"aws key": "((AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,})",
"stripe key": "([psr]k_live_[0-9a-zA-Z]{24,34})",
"twilio api key": "((AC|SK)[0-9a-f]{32})",
"google key": "(AIza[0-9A-Za-z_-]{35})",
"google url": "(?i)([0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com)",
"google secret": "(?i)(google.{0,20}[ '\"=:\\(\\[{]+.{0,5}[0-9a-zA-Z_-]{24})",
"sendgrid api key": "(SG\\.[a-zA-Z0-9_-]{22}\\.[a-zA-Z0-9_-]{43})",
"mailchimp key": "([0-9a-f]{32}-us[0-9]{1,2})",
"mailgun key": "(key-[0-9a-zA-Z]{32})",
"square app scret": "(sq0(atp|csp)-[0-9A-Za-z_-]{22,43})",
"square personal token": "(EAAA[0-9a-zA-Z_-]{60})",
"paypal token": "(access_token\\$(live|production|sandbox)\\$[0-9a-z]{16}\\$[0-9a-f]{32})",
"noidea2": "([^0-9a-zA-Z_-][AE][0-9a-zA-Z_-]{79})",
"noidea3": "(A21AA[0-9a-zA-Z_-]{92})",
"facebook secret": "(?i)(facebook.{0,20}[ '\"=:\\(\\[{]+.{0,5}[0-9a-f]{32})",
"noidea4": "(EAACEdEose0cBA[0-9A-Za-z]+)",
"noidea5": "([0-9]{10,20}\\|[a-zA-Z0-9-]{20,30})",
"twitter secret1": "(?i)(twitter.{0,20}[ '\"=:\\(\\[{]+.{0,5}[0-9a-zA-Z]{35,44})",
"twitter secret2": "(?i)(twitter.{0,20}[ '\"=:\\(\\[{]+.{0,5}[1-9][0-9]+-[0-9a-zA-Z]{24,40})",
"noidea6": "(AAAAAAAAAAAAAAAAAAAAA[0-9A-Za-z%=\\+]+)",
"github token": "(ghp_[a-zA-Z0-9]{36})",
"github secret": "(?i)(github.{0,20}[ '\"=:\\(\\[{]+.{0,5}[0-9a-zA-Z]{35,40})",
"heroku secret": "(?i)(heroku.{0,20}[ '\"=:\\(\\[{]+.{0,5}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})",
"noidea7": "([a-z\\+]{3,}:[/]{1,3}[^:'\" ]{2,}:[^@'\" ]{3,}@[^'\" ]+)",
"google oauth access token": "(ya29\\.[0-9A-Za-z_-]+)",
"noidea8": "(?i)(amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})",
"subdomain takeover": "(?i)([a-zA-Z0-9_-]+\\.(firebaseio|azurewebsites|cloudapp|trafficmanager|herokuapp|cloudfront)\\.(com|net))",
"public/private key": "(\\-\\-\\-\\-\\-BEGIN[ ]+[A-Z]*[ ]*PRIVATE[ ]+KEY)",
"json web token": "(ey[A-Za-z0-9_=-]+\\.ey[A-Za-z0-9_=-]+\\.?[A-Za-z0-9_\\.+/=-]*)",
"whatever secret": "(?i)((access_key|access_secret|accesstoken|access_token|access-token|access_token_secret|\\.amazonaws\\.com|apikey|api_key|api-key|api_secret_key|api_token|app_key|auth|authkey|authorization|authorization_key|authorization_token|authtoken|auth_token|aws_access_key_id|aws_secret_access_key|azurewebsites|bearer|BEGIN EC PRIVATE KEY|BEGIN PGP PRIVATE KEY BLOCK|BEGIN PRIVATE KEY|BEGIN RSA PRIVATE KEY|bot_access_token|bucket|client_id|client_key|clientsecret|client_secret|client-secret|cloudapp|cloudfront|ConsumerKey|consumer_key|ConsumerSecret|consumer_secret|customer_secret|dbpasswd|DB_PASSWORD|DB_USERNAME|encryptionkey|encryption_key|encryption-key|fb_secret|firebaseio|gsecr|HEROKU_API_KEY|herokuapp|HOMEBREW_GITHUB_API_TOKEN|id_dsa|id_rsa|irc_pass|JEKYLL_GITHUB_TOKEN|key|npm_token|oauth_token|pass|password|perm|private|privatekey|secret|private_key|private-key|PT_TOKEN|rk_live_|secretkey|secret_key|secret-key|secret_token|session_key|session_secret|SESSION_TOKEN|SF_USERNAME|sk_live_|slack_api_token|SLACK_BOT_TOKEN|slack_secret_token|slack_token|sq0atp|sq0csp|sshkey|ssh_key|ssh-key|token|trafficmanager|username|user_secret|xoxa-2|xoxb-|xoxr)[a-zA-Z0-9_\\-\\.]{0,20}['\\\"]?\\s*[,:=\\[\\({]+)"
}

Ignore / remove examples

All ignore/remove text areas must be valid JSON arrays, so watch every comma and quote. A check runs as soon as the settings are saved; make sure everything is fine in the Output/Errors tab of the Extender tab.

[
".png$",
"application/javascript",
"googleapis.com",
"sha256.*$"
]

Screenshots

[four screenshots of the extension in the original post]

DataExtractor plugin download

① GitHub:

https://github.com/gwen001/DataExtractor.zip

② Yunzhongzhuan cloud drive:
yunzhongzhuan.com/#sharefile=ndjffMXd_15491
Unzip password: www.ddosi.org

Note:
The cloud drive only supports downloading by clicking the link;
do not use any third-party tool or browser extension to download, or the download will fail.

Other tools you may be interested in:

http://www.ddosi.org/code/
