JSpector is a Burp Suite extension that passively crawls JavaScript files and automatically creates issues with URLs, endpoints and dangerous methods found on the JS files.
Prerequisites
Before installing JSpector, you need to have Jython installed on Burp Suite.
Installation
- Download the latest version of JSpector
- Open Burp Suite and navigate to the
Extensions
tab. - Click the
Add
button in theInstalled
tab. - In the
Extension Details
dialog box, selectPython
as theExtension Type
. - Click the
Select file
button and navigate to theJSpector.py
. - Click the
Next
button. - Once the output shows: “JSpector extension loaded successfully”, click the
Close
button.
Usage
- Just navigate through your targets and JSpector will start passively crawl JS files in the background and automatically returns the results on the
Dashboard
tab. - You can export all the results to the clipboard (URLs, endpoints and dangerous methods) with a right click directly on the JS file: