Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information! It's your very own discovery side kick, the Dr. Watson to your Sherlock!
How Does Dr. Watson Work?
Dr. Watson takes regexes from the issues_library.json file and attempts to match said regexes with responses within Burp Suite. Once it matches a regex, it raises an issue with the severity defined in the config, as a finding for the target host. It is simple, sweet, and easy to use!
Setup - Installing for Burp Suite Pro
Setting Up Jython
- Download the latest standalone version of jython
- Navigate to Extender -> Options
- Navigate to the "Python Environment" section
- Click "Select File" and select the previously downloaded file
Installing the Plugin
- Navigate to Extender -> Extensions
- Click the "Add" button
- Change the "Extension Type" to "Python"
- Select the plugin python file within the "Extension file" field
- Click "Next"
- Enjoy the plugin!
How to Use The Plugin
- Install the plugin
- Add any domain you want analysed into scope (if not in scope, it will not be analysed, ensuring performance is not hindered immensely)
- Navigate / crawl through the website and observe the plugin creates issues for different resources identified.
Authors and Thanks
Originally written by Sajeeb Lohani (sml555). I would like to thank the following for helping with the project:
- BugCrowd HUNT for the Jython installation steps
- Redhunt Labs for the original plugin and the idea
- TruffleHog Regexes and git-all-secrets for the regexes
Contributions to this project are very welcome. If you're a newcomer to open source and would like some help in doing so, feel free to reach out to me on twitter (@sml555_) and I'll assist wherever I can.