PassiveDigger is a comprehensive Burp Suite extension designed for passive analysis of web traffic. By targeting specific host-port combinations, this extension listens to traffic and provides hints or identifies potential vulnerabilities. It performs checks on both incoming requests and server responses, offering a wide range of features to enhance your web vulnerability assessments.
- Find file upload functionalities
- Find serialized data in requests
- Find base64-Encoded data in requests
- Find SQL errors in response for SQL injection
- Find reflected parameters (Possible XSS or HTML injection)
- Find possible LFI vulnerabilities
- Find sensitive files
- Fingerprint web server/application
- Find directory indexing/browsing
- Find possible Execution After Redirection (EAR)
- Find sensitive data in errors
- Find misconfigurations in Cookie flags
- Find Base64-encoded data in response
- Extract email addresses
- Extract phone numbers
- Analyzer Tab for listing all findings
- Load past traffic from History or Sitemap
- Mark findings as false positives
- Send findings to "Repeater" or "Intruder" for further testing
- Headers Tab for listing unique headers and their values
- Security Headers check
- To build the project, you need Gradle installed.
- Clone the repository
git clone https://github.com/moeinfatehi/PassiveDigger - Open the main directory of the project (where build.gradle file exists) and run:
gradle makeJar - The Jar file will be generated in "build/libs/PassiveDigger.jar"
The quickest way to install PassiveDigger is to load the jar file (PassiveDigger.jar) into Burp Suite.
- Open Burp Suite
- Go to
Extender -> Extensions -> Add - Load the
PassiveDigger.jarfile
A new tab will be added to the Burp Suite, and you are all set to use the extension.
Right-click on any request-response pair in various Burp Suite tabs (Proxy, History, Repeater, Scanner, etc.) and select Send target to Passive Digger to set a target for analysis. You can set multiple targets, manage them in the Targets tab, and remove or clear targets as needed.
Enable or disable specific checks and update the results by clicking on the "Update Analyzer Tab" button. For each finding, you'll get detailed information, including:
- Severity
- URL
- Parameter
- Parameter Type
- Check Code
- Description
- CVSS Score (if applicable)
- Full Request and Response for PoC
You can double-click any row in the table for a detailed frame view of the vulnerability. You can also mark each finding as a false positive or send it to other Burp Suite tabs like "Repeater" or "Intruder" for further manual testing.
The Headers tab lists unique headers and values detected in the responses. You can also add some headers as exceptions to not list them in the table.
This tab checks for the following security headers and their configured values:
- X-XSS-Protection
- X-Frame-Options
- Content-Security-Policy
- X-Content-Type-Options
- Referrer-Policy
- Strict-Transport-Security (WSTG-CONF-07)
To make the most out of PassiveDigger, you can fine-tune its functionality using the following approaches:
To set this up:
- Open Burp Suite and enable the PassiveDigger extension. Set your target.
- In your web scanner software, configure Burp Suite as an upstream proxy.
- Start scanning the target in your web scanner software.
This will allow PassiveDigger to analyze the traffic generated by the web scanner, helping you identify vulnerabilities or hints.
For this approach, you'll need two instances of Burp Suite:
- In the first instance, act as the upstream proxy. Enable PassiveDigger and set your target.
- In the second (primary) instance, configure the first Burp Suite instance as its upstream proxy.
- Start scanning your target with the primary Burp Suite instance.
With this configuration, PassiveDigger will analyze the scanner traffic from the primary instance.
To use this method:
- Run a single instance of Burp Suite with the PassiveDigger extension enabled and the target set.
- Navigate to
Target -> Sitemaptab. - Right-click on the target and select the "Scan" option.
- Choose "Crawl only" from the list to start crawling.
This will allow PassiveDigger to listen to the scanner traffic and identify
For more information and updates, follow me on: