Burp Suite extension to identify the historic URLs of the domains in scope from WayBackMachine. Refer to our blog Asset History using Burp Suite for more details.
To know more about our Attack Surface Management platform, check out NVADR.
The extension acts as a passive scanner which extracts the domain(s) that are in scope, identifies their historic URLs from WayBackMachine and lists them under the issues section. The URLs can be easily copied from their and tested further for security issues.
- Setup the python environment by providing the jython.jar file in the 'Options' tab under 'Extender' in Burp Suite.
- Download the extension.
- In the 'Extensions' tab under 'Extender', select 'Add'.
- Change the extension type to 'Python'.
- Provide the path of the file ‘Asset_History.py’ and click on 'Next'.
- Add the target domain/URL in Scope.
- Add a URL to the 'Scope' under the 'Target' tab. The extension will identify historic URLs for it.
- Jython 2.7.0
- Burp Suite Pro v2020.6 [Not tested on older version, however it should work fine]
A large portion of the base code has been taken from the following sources:
- OpenSecurityResearch CustomPassiveScanner
- PortSwigger example-scanner-checks
- BurpSuite Extension - Asset Discover
- Add AlienVault Open Threat Exchange
- Add Domain History
- Add IP History
The project is available under MIT license, see LICENSE file.