jsluice++ is a Burp Suite extension designed for passive and active scanning of JavaScript traffic using the CLI tool jsluice.
The extension utilizes jsluice's capabilities to extract URLs, paths, and secrets from static JavaScript files and integrates it with Burp Suite, allowing you to easily scan javascript traffic from Burp Suite's Sitemap or Proxy while also offering a user-friendly interface for data inspection and a variety of additional useful features
Requirements:
if this isn't your first time installing a jython extension you can skip to step 3.
go install github.com/BishopFox/jsluice/cmd/jsluice@latest
(ensure that the jsluice binary is in your $PATH
otherwise the extension won't work)The extension adds an item to Burp Suite's context menu which allows you to easily process responses from Burp Suite's Sitemap tab
to do so simply right click any host in the sitemap tree or any item in the sitemap table and select Extensions->jsluice++->Process selected item(s)
in Burp Suite's context menu.
When processing items from the site map tree the extension will get the site map of every selected item (Multiple hosts can be processed)
Default: Off
When Passive scan is toggled on the extension will register an http handler and process responses from traffic flowing through Burp Suite's Proxy (it's recommended to use the in-scope only feature when enabling passive scan to reduce noise)
The extension will process any URL with a .js file extension or a JavaScript mime type and a success status code (2xx) using jsluice's urls mode.
The processed JavaScript file is temporarily saved locally in the ".jsluicepp" directory and gets removed after jsluice has finished processing it,
If jsluice returns any data, the host associated with the URL will be added to the Hosts list, to view the results from jsluice simply select the host and the desired file (multiple files can be selected).
Note: the same URL (GET parameters excluded) will not be processed more than once until the extension is reloaded, this doesn't apply to monitored urls.
.jsluicepp/monitored_urls.txt
and a copy of the output from jsluice is saved locally to .jsluicepp/monitored_files/{host}_{filename_hash}
(Secrets excluded),.jsluicepp/monitored_files/{host}_{filename_hash}.old
and a new copy of the new file will be saved,
When selecting the monitored file in the extension new/modified rows will be colored green and previous versions of modified rows/deleted rows will be colored red, example:
![Change in Monitored URL 2](https://raw.githubusercontent.com/0x999-x/jsluicepp/main/.github/images/change_in_monitored2.png)
if a Monitored URL responds with a non-success status code(2xx) or if jsluice returns no output you will be prompted with a popup dialog asking if you wish to Stop Monitoring the URL, if "Yes" is selected all local copies of the file will be removed.
![No results from Monitored URL](https://raw.githubusercontent.com/0x999-x/jsluicepp/main/.github/images/no_results_monitored.png)
application/json or application/xml or text/xml
is present in the Headers column the body of the request will be formatted accordingly.
Default: On
If selected a "Secrets" results table is added to the UI and the extension will use jsluice's secrets mode on the file after the urls mode has finished, if any unique secrets are found the host will be colored red with a ð€« emoji next to it, example:
![Colored Hosts](https://raw.githubusercontent.com/0x999-x/jsluicepp/main/.github/images/hosts.png)
if you wish to use a custom patterns config you can do so by modifying the 'secrets_command' variable in the code.
Default: Off
If selected and the Secrets checkbox is also selected you will be notified with a popup dialog when a new unique secret is found, the dialog is closed automatically after 15 seconds , example dialog:Default: Off
If selected the extension will use Burp Suite's scope to determine whether a URL should be processed, additionally out of scope hosts will not be displayed in the hosts list.
Default: Off
When selected, in addition to URLs with a .js file extension/mime type, the extension will look for responses with HTML mime type, if such response is found the extension will attempt to extract any and all
tags from the response body, the script tags are then concatenated using new lines and saved to a file which then gets processed by jsluice.
Default: On
If selected duplicate rows will be hidden from the results tables(excluding the Type & File columns)
Default: Off
If selected only rows that contain Query Params / Body Params / Headers will be displayed in the URL/Paths results table