GAP (Get All Parameters, Links, and Words)

This extension collects all parameter names observed during scanning or manual testing and makes them accessible in a dedicated tab. It assists in identifying hidden, undocumented, or parameter pollution opportunities across the target application.

Features

• Captures all parameters from HTTP requests and responses
• Displays parameters in a dedicated "Get All Parameters" tab
• Includes source information for each parameter (e.g. URL, body, cookie)
• Highlights unique and duplicate parameter names
• Supports exporting the parameter list for offline analysis

Usage

To use the extension:

1. Browse or scan your target application as usual.
2. Right-click on a target in your Burp sitemap (or multiple targets), or even just one subfolder or endpoint, and use the extension-generated context menu item to "Send to GAP".
3. Open the "Get All Parameters" tab to view the aggregated list of observed parameters.
4. Use the interface to filter, sort, or search parameters of interest.
5. Optionally, export the list for external processing or further analysis.

Performance Tips

• Disable any scanning modes you don't need to speed up results.
• When running GAP from the Site Map view, avoid expanding large targets beforehand as this significantly slows performance. For better efficiency, run GAP on one or two targets at a time.
• To scan specific requests, use the Site Map Contents view or Proxy History instead of selecting items from the Site Map tree, as this is much faster.
• If UI elements are not fully visible due to screen resolution or font size, hold down Ctrl and click the GAP logo header image to hide it and reveal more space.
• The "Words" mode relies on the beautifulsoup4 library, which may be slow. Please be patient while it runs.