Professional Community

GAP (Get All Parameters, Links, and Words)

This extension helps find potential endpoints, parameters, and generate a custom target wordlist.

Usage

  • Select a target in your Burp scope (or multiple targets), or even just one subfolder or endpoint, and use the context menu action to send the target to "GAP". Alternatively, right click a request or response in any other context and select GAP from the Extensions menu.
  • Go to the GAP tab to view the results.

Important notes:

  • If you don't need one of the modes, then un-check it as results will be quicker.
  • If you run GAP for one or more targets from the Site Map view, don't have them expanded when you run GAP... unfortunately this can make it a lot slower. It will be more efficient if you run for one or two target in the Site Map view at a time, as huge projects can have consume a lot of resources.
  • If you want to run GAP on one of more specific requests, do not select them from the Site Map tree view. It will be a lot quicker to run it from the Site Map Contents view if possible, or from proxy history.
  • It is hard to design GAP to display all controls for all screen resolutions and font sizes. I have tried to deal with the most common setups, but if you find you cannot see all the controls, you can hold down the "Ctrl" button and click the GAP logo header image to remove it to make more space.
  • The Words mode uses the "beautifulsoup4" library and this can be quite slow, so be patient!

Author

Author

XNL-h4ck3r

Version

Version

5.0

Rating

Rating

Popularity

Popularity

Last updated

Last updated

02 May 2024

Estimated system impact

Estimated system impact

Overall impact: Empty

Memory
Empty
CPU
Empty
General
Empty
Scanner
Empty

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore

Note:

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.