yanxinwu946

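An efficient Burp Suite plugin focused on detecting potential SQL injection vulnerabilities in URL paths and XFF headers, with integrated automatic endpoint collection.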

69% credibility
Found Apr 04, 2026 at 19 stars.
Python
AI Summary

Burp Suite extension that monitors HTTP responses from Proxy or Repeater, injects payloads into paths and headers to detect SQL errors, collects generalized paths, and displays results in interactive tables.

How It Works

1. 🔍 Find the security helper

You come across this handy tool on GitHub that helps uncover weak spots in website paths by checking how they react to tiny changes.

2. ⚙️ Set your preferences

Open the tool's panel, pick which sites to focus on, choose codes to ignore, and decide if you want smart shortcuts or full checks.

3. 🌐 Start watching traffic

Turn on monitoring for your web browsing or test requests so the tool can quietly examine each page path you visit.

4. 🧪 Watch it test automatically

The tool slips special characters into paths and headers, looking for error clues that reveal security slips, like a detective at work.

5. 📊 Check the colorful lists

See tables fill with tested paths, response sizes, and red highlights where something broke, making issues jump out easily.

6. 📝 Build your path collection

Your list of discovered paths grows in the side panel, ready to use for deeper checks or sharing.

Spot the vulnerabilities

You walk away with clear signs of weak points and safe paths, ready to fix or report them confidently.

AI-Generated Review

What is Injector---Path-Collector?

This Python Burp Suite extension collects paths from proxy or repeater traffic and tests them for SQL injection in URL segments and XFF headers like X-Forwarded-For. It generalizes dynamic paths (e.g., IDs to {id}), injects payloads like single quotes, and flags SQL errors via response diffs or patterns. Users get a clean tab with dual tables for scan results, request/response viewers, and a live path dictionary—ideal for turning passive monitoring into active vuln hunting in Burp Suite Community Edition.

Why is it gaining traction?

Unlike broad Burp scanner tools on GitHub, it targets path and header SQLi often missed in standard Burp Suite Pro flows, with smart skips for safe segments and regex whitelists to cut noise. Configs for block codes and traffic sources (proxy/repeater) keep it lightweight, while the collector builds a reusable dictionary on the fly. Developers like the no-setup integration for bug bounty hunts with Burp, which boosts efficiency without switching to full Burp Suite alternatives.

Who should use this?

Bug bounty hunters using Burp Suite Community Edition for API path fuzzing, pentesters probing cloud apps via XFF in Burp Suite on Windows, or security auditors who need a Burp extension from GitHub to auto-collect and scan interfaces during recon.

Verdict

Solid niche pick for Burp path SQLi with 19 stars, but the 0.7% credibility score signals early maturity, and thin docs mean testing it yourself first. Worth loading into your Burp Suite setup if you live in Community Edition traffic analysis.
