x8-Burp

The tool helps to find hidden parameters that can be vulnerable or can reveal interesting functionality that other hunters miss. Greater accuracy is achieved thanks to the line-by-line comparison of pages, comparison of response code and reflections.

Features

  • Selecting multiple requests from the Proxy or Repeater tab.
  • Each selected request is executed in a separate thread.
  • Automatic Issue creation when hidden parameter is found.
  • HTTP/2 Support.
  • Requests with detected parameters are visible in the Proxy tab.
  • Issue is added with severity Information when WAF is detected.
  • Automatic detection of injection point. If the request body exists, then parameters in URL-Query are ignored.
  • Custom injectin point can be defined using %s or &%s

Usage

  • There are four search choices available:
    • Small Wordlist (Recommended, 25000 words, 5 threads)
    • Large Wordlist (63000 words, 15 threads)
    • x8083 - all request will be proxied via port 8083 (for example, you can configure the port in Burp)
    • Debug Params - the minimum number of requests to detect only debug parameters and parameters based on response

      

Test

Feel free to check whether the tool works as expected and compare it with other tools at https://4rt.one/. There are 2 reflected parameters, 4 parameters that change code/headers/body, and one extra parameter with a not random value.

Detected parameters

Acknowledgement

Thanks to Sh1Yo for the wonderful x8 utility. He added special functions into it so that we could write this wrapper. We also spotted some bugs, specifically in HTTP/2, for Burp Suite compatibility. To examine and understand the project in detail, or if you need a command line version, click here.

Follow-up plan

  • [ ] Implementation of a panel for configuring custom proxy
  • [x] Windows version
  • [ ] Implementation of a choice - 25000 words, 1 thread
  • [ ] Adding to BApp Store

Video

Installation

You need to configure Jython Standalone path in Burp Suite Extender options.

As this is a wrapper, a precompiled binary is used.

  • Linux
    • from releases
      Burp -> Extender -> ./x8-Burp/linux_x8.py
      
  • Windows
    • from releases
      Burp -> Extender -> ./x8-Burp/win_x8.py
      

GitHub

https://github.com/Impact-I/x8-Burp