SensitiveDiscoverer Gets Even Better: Introducing the Latest Version
Table of contents
SensitiveDiscoverer has come a long way since our last post, with many new features and improvements. For those unfamiliar with it, SensitiveDiscoverer is an extension for penetration testers to automatically find sensitive information. Everything else will be explained shortly.
Let’s start rewinding a bit.
Burp Suite is one of the most popular tools for web application security testing among professional security analysts, researchers, and bug bounty hunters.
During our penetration tests, we often rely on Burp Suite’s search functionality to manually scan requests and responses for patterns. Matching patterns on all messages helps us lower the chance of overlooking disclosed secrets and sensitive information.
While this may work for one or two patterns, manually doing this can be tedious and time-consuming, especially when dealing with numerous patterns.
That’s why we developed “SensitiveDiscoverer”: a Burp Suite extension to automate the process of scanning for sensitive strings in HTTP messages.
Over the past years, CYS4 has identified various “Sensitive Data Exposure” issues in its penetration tests. Numbers-wise, this vulnerability has been found in 67% of our customers’ applications. This shows that the problem is widespread within applications. Thanks to the extension developed, we aim to improve the accuracy of our Penetration Test activities even further.
Latest upgrade: What’s new and Why it matters
SensitiveDiscoverer is a Burp Suite extension that lets you scan Burp’s proxy history, searching for potential Information Disclosure. Using a list of regular expressions to match against every message, you can automatically find valuable information, such as API Keys, Client IDs, and Secrets, without inspecting every message manually.
In version 3.0, we’ve made some significant improvements to the tool. Let’s go through the most important ones:
Multithreading allows you to select the number of parallel threads used when scanning messages, reducing scanning times significantly. During our tests, the scanning times were consistently reduced by at least 50%.
New and improved regex lists
A new and improved collection of regexes that focuses on higher accuracy.
The extension comes with a pre-defined collection of regexes carefully maintained by us. We aim to provide a great out-of-the-box experience with few false positives. The list offers a solid starting point for adding your own lists of regexes.
New scan filters
New filters are available to further refine the search, only scanning the most relevant messages. This reduces both unnecessary results and scanning time.
And many more!
The UI has also received multiple improvements, and many bugs were fixed during the process. The complete list of changes is available on the project’s GitHub page.
SensitiveDiscoverer is available on the official BAppStore and on our GitHub repository. We’re committed to maintaining this project, improving the default set of available regexes, and enriching the interface’s look and feel.
If you have any feature requests or suggestions for improvements, feel free to browse our GitHub repository and let us know.