HTML Content Extractor

Apply CSS selectors to extract and analyze specific parts of HTML content directly from the HTTP message viewer. With the power of CSS selectors, users can target elements, attributes, and nested structures in the HTML document, enabling precise and efficient content analysis during security assessments.

Features

• Real-time HTML content extraction using CSS selectors
• Support for three extraction modes:
  • Complete elements (outer HTML)
  • Inner content only (inner HTML)
  • Specific attribute values
• Efficient analysis of potential security issues like XSS vectors and hidden fields
• Integration with Burp's HTTP message viewer for seamless workflow
• Element count and status feedback
• Powered by jsoup for reliable HTML parsing

Usage

1. Intercept HTTP traffic or browse through your proxy history.
2. Select a response containing HTML content.
3. Switch to the "HTML Content Extractor" tab.
4. Enter your CSS selector with an optional prefix to control the output type.

Selector prefixes

@outer - Get complete elements with their tags (default if no prefix).

@outer:input[type=hidden]  -> Shows complete hidden input tags

@outer:form               -> Shows complete form elements

@inner - Get only the contents inside elements.

@inner:div.content       -> Shows only the content inside div

@inner:form             -> Shows only the form contents

@attr:name: - Get specific attribute values.

@attr:href:a           -> Gets all link URLs

@attr:value:input      -> Gets all input values

@attr:class:div        -> Gets all div class names

@attr:src:img          -> Gets all image sources

Example selectors

• Find hidden inputs: @outer:input[type=hidden]
• Extract form contents: @inner:form
• Get all link URLs: @attr:href:a
• Find input values: @attr:value:input[type=text]
• Get class names: @attr:class:div.content