Skip to content

A Burp extension for generic extraction and reuse of data within HTTP requests and responses.

Notifications You must be signed in to change notification settings

PortSwigger/token-extractor

 
 

Repository files navigation

Burp Extractor

Burp Extractor is intended to be used as a one-size-fits-all tool for extracting data from HTTP responses to be reused in HTTP requests. This can be items such as CSRF tokens, Auth Bearer tokens, timestamps, etc. The extension uses regex to extract needed data from responses, and will insert extracted data into any HTTP request sent through Burp which matches a second regex.

Send Request/Response to Extractor

Send requests and responses to Extractor using a context menu item.

Select Request/Response Pair

Select requests and responses using a Comparer-like interface.

Highlight Data to Extract

Highlight data in Burp's text editor to automatically create regex strings to extract and insert data. Highlight text in the response to select the location of data to be extracted, and highlight text in the request to select the location that data should be inserted. Configure any necessary scope options or tailor your regex to suit your specific needs. Once a tab in Extractor is turned on, it must capture a response matching the response regex string before inserting data into requests.

Simple Demo of Extractor

About

A Burp extension for generic extraction and reuse of data within HTTP requests and responses.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 97.8%
  • HTML 2.2%