Burpsuite Extension
Key Features
Automatic JavaScript Analysis: The extension automatically monitors JavaScript files appearing in your HTTP history, providing real-time analysis and alerts for potential security issues in the Jsmon dashboard.
Seamless Integration: The extension integrates with Burpsuite via an API key and enhances your existing workflow without adding complexity.
Scope Filter: An in-scope domains filter avoids useless traffic to the Jsmon API. This saves API calls and keeps data consistent in Jsmon's workspace.
Manual Analysis: The extension lets you toggle between automatic and manual JS analysis. In manual mode, you select the JS URLs and send them to Jsmon by right-clicking and hovering over Extensions.
Installation Steps
Prerequisites: Ensure you have Burp Suite installed.
Install the extension:
Download the Jsmon Burpsuite extension jsmon-extension.jar file from the GitHub repository or from Releases.

In Burpsuite, go to Extender > Extensions - Select Java as type > Add. Choose the downloaded .jar file to add the extension. Click on Next and the extension is loaded.

Usage
Add the correct workspace ID (wkspId) and the API key from your account into the Jsmon extension.

Turn on Automate scan to automatically send any JavaScript traffic passing through Burpsuite directly to Jsmon. This is the best option, but it consumes many uploadUrl API calls from Jsmon if the scope is not set properly.

Send to Jsmon by right-clicking the request, Extensions -> Send to Jsmon.

Send to Jsmon by copy-pasting URLs into the manual text box (line by line).
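One way to build the line-by-line list for the manual text box so that only in-scope JavaScript URLs are sent, shown as an added example (it is not the extension's own code). The domains, URLs and function names are constructed for illustration, and de-duplicating on the path without the query string is an assumption made here to save uploadUrl calls.

```python
from urllib.parse import urlsplit

# Constructed sample data: a scope list and URLs as they might appear in HTTP history.
IN_SCOPE = ["example.com", "static.example.org"]
HISTORY = [
    "https://app.example.com/assets/main.7f3a.js?v=12",
    "https://app.example.com/assets/main.7f3a.js?v=13",  # same file, cache-buster differs
    "https://cdn.thirdparty.net/lib/jquery.min.js",      # out of scope
    "https://evilexample.com/x.js",                      # look-alike, not a subdomain
    "https://static.example.org/js/vendor.mjs",
    "https://app.example.com/api/users.json",            # not JavaScript
    "https://EXAMPLE.com:8443/boot.js#top",
    "not a url",
]

def in_scope(host, scope):
    """True if host equals a scope domain or is a subdomain of one (dot boundary)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in (s.lower() for s in scope))

def is_javascript(path):
    """Match on the URL path only, so query strings and fragments are ignored."""
    return path.lower().endswith((".js", ".mjs"))

def urls_for_jsmon(urls, scope):
    """Return in-scope JS URLs in first-seen order, one entry per scheme/host/port/path."""
    seen, out = set(), []
    for raw in urls:
        raw = raw.strip()
        try:
            parts = urlsplit(raw)
            key = (parts.scheme, parts.hostname, parts.port, parts.path)
        except ValueError:  # malformed host or port
            continue
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue
        if not in_scope(parts.hostname, scope) or not is_javascript(parts.path):
            continue
        if key not in seen:
            seen.add(key)
            out.append(raw)
    return out

if __name__ == "__main__":
    # One URL per line, ready to paste into the manual text box.
    print("\n".join(urls_for_jsmon(HISTORY, IN_SCOPE)))
```
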
JS Reconnaissance
In the image below, you can see the JS URLs sent from the Burpsuite extension to Jsmon.

Go to JS Intelligence and Keys & Secrets to see how the reconnaissance is performed over the JS files.
