Skip to content
/ PII_Sniffer Public

The PII Sniffer is a Python-based extension for the Burp Suite tool that, through intercepted HTTP requests, can detect sensitive data such as CPF numbers, phone numbers, important dates, and card numbers.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Vieira-Marola/PII_Sniffer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
images
images
 
 
README.md
README.md
 
 
pii_sniffer.py
pii_sniffer.py
 
 

Repository files navigation

PII Sniffer - Burp Suite Extension

PII Sniffer is an extension for Burp Suite developed to detect sensitive personal information (PII) in intercepted HTTP responses. The extension identifies CPFs (Brazilian individual taxpayer registry numbers), phone numbers, important dates (such as birthdates), and credit card numbers, making it easier to identify potential personal data leaks.

Features

  • Detects and validates CPFs in HTTP responses.
  • Searches and lists phone numbers.
  • Detects important dates in DD/MM/YYYY and MM/DD/YYYY formats.
  • Identifies possible credit card numbers, validated using the Luhn algorithm.
  • Generates reports on detected PII occurrences, allowing for a detailed analysis of potential data leaks.

Installation

Requirements

Installation Steps

  1. Download the extension: Clone or download this repository to get the PII_Sniffer.py file.

  2. Set up Jython in Burp:

    • In Burp Suite, go to Extension > Settings.

    • In the Python Environment section, set the path to the downloaded Jython Standalone file (e.g., jython-standalone-2.7.4.jar).

  3. Load the extension:

    • Go to Extender > Extensions.

    • Click on Add.

    • Select Extension Type: Python.

    • In Extension file, select the PII_Sniffer.py file.

  4. Installation Confirmation:

    • A confirmation message (“PII Sniffer, Installation OK!!!”) should appear in Burp Suite’s output tab.

Usage

  1. Intercept and analyze HTTP traffic with Burp Suite active.
  2. Check the Output:
    • The extension automatically analyzes HTTP responses for CPFs, phone numbers, important dates, and credit card numbers.
    • When a valid match is found, such as a CPF, phone number, date, or credit card number, it will be displayed in the output log.
  3. Results:

    • The extension displays detected CPFs, phone numbers, dates, and credit card numbers, allowing the analyst to verify potential personal data leaks.

Each identified item is validated and displayed, providing a comprehensive diagnosis of potential personal data leaks.

Contributions

Contributions are welcome! Feel free to fork the project, open pull requests, or report issues.

Note: This extension is intended for ethical use only. Always obtain permission before testing and analyzing third-party data. The user is solely responsible for any misuse of this tool.

About

The PII Sniffer is a Python-based extension for the Burp Suite tool that, through intercepted HTTP requests, can detect sensitive data such as CPF numbers, phone numbers, important dates, and card numbers.

Topics

python plugin python3 appsec burpsuite security-tools burp-extensions sectools

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages