PortSwigger / BChecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
https://portswigger.net/burp/documentation/scanner/bchecks
GNU Lesser General Public License v3.0

API Token and Sensitive Data Exposure #40

Closed puzzlepeaches closed 1 year ago

puzzlepeaches commented 1 year ago

The BChecks included in this pull detect API keys and common forms of sensitive data exposure in the form of webhooks, JWTs, etc.

I have not been able to test all of these at scale and have set their confidence to tentative to ensure testers review discoveries manually to prevent false positives.

Please let me know if any changes need to be made before merging.
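An added illustration, not part of the pull request and not BCheck code: a Python sketch of why a pattern match for a JWT in a response is only a tentative finding until the token's structure is checked. The function names, the sample data and the use of "firm" for a structurally valid token are assumptions made for this example.

```python
import base64
import json
import re

# A JSON object whose first key starts with an ASCII letter base64url-encodes
# to a string starting with "eyJ", so JWT header and payload both begin that way.
JWT_SHAPE = re.compile(
    r"\beyJ[A-Za-z0-9_-]{5,}\.eyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]*")


def _b64url_json(segment):
    """Decode one base64url segment to a dict, or return None if it is not one."""
    padded = segment + "=" * (-len(segment) % 4)
    try:
        value = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return value if isinstance(value, dict) else None


def classify(token):
    """'firm' if header and payload decode to JSON and the header names an alg;
    otherwise 'tentative' (shape match only, needs manual review)."""
    header_seg, payload_seg, _signature = token.split(".")
    header = _b64url_json(header_seg)
    payload = _b64url_json(payload_seg)
    if header is None or payload is None or "alg" not in header:
        return "tentative"
    return "firm"


def scan_response(body):
    """Return [(token, confidence)] for every JWT-shaped string in body."""
    return [(m.group(0), classify(m.group(0))) for m in JWT_SHAPE.finditer(body)]


def _seg(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample data, not taken from the pull request.
REAL = ".".join([_seg({"alg": "HS256", "typ": "JWT"}), _seg({"sub": "demo"}),
                 "c2lnbmF0dXJl"])
LOOKALIKE = "eyJunkjunk.eyJunkjunk.zzzz"
SAMPLE_BODY = '{"session":"%s","cache_key":"%s"}' % (REAL, LOOKALIKE)

if __name__ == "__main__":
    for token, confidence in scan_response(SAMPLE_BODY):
        print(confidence, token[:24] + "...")
```
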

JaveleyQAQ commented 1 year ago

Cool. Look at this: https://jaimepolop.github.io/RExpository/ @puzzlepeaches

BuffaloWill commented 1 year ago

👍 upvote