This is the repository for a burp extension called cartogradur
which is used to dig out vulnerable mapping api keys from web sites.
This is still very much a work in progress so if something changes or breaks don't be too surprised. Once it's stable and has additional functionality I will remove this warning :)
Good question, this was born out of the world of bug bounties. I got tired of looking, and searching for, API keys so put together a quick PoC burp plugin to do the job for me. This is my first Burp plugin, and I don't really write much Java so if something could be better I am always open to a pull request :)
I caution you right now, some people will not consider this a real issue while others will. You need to make sure that you really know the programs you are hacking on before submitting this. If you don't then it is very easy to end up getting an Informative
or N/A
if people do not fully understand the actual financial impact of this type of issue.
- Add the provided
cartogradur.jar
file to your Burp extensions - ???
- Profit
- Git clone it locally to some dir
- cd into that some dir
3-linux. Run the following bash one liner:
javac -d build src/burp/*.java && \
cd build && \
jar cvf cartogradur.jar burp/*.class && \
mv cartogradur.jar ../ && \
cd ../ && \
rm -rf build
3.-windows. Run the following
javac -target 8 -source 8 -d build src/burp/*.java
cd build
jar cvf cartogradur.jar burp/*.class
mv cartogradur.jar ../
cd ../
rm build
- Add the newly built
cartogradur.jar
file to your Burp extensions - ???
- Profit