SecretSifter #329

@secretsifter

Description

@secretsifter

Extension URL

https://github.com/secretsifter/secretsifter-burp

Version number

1.0.0

Select additional compatible products and features

  • Community
  • DAST
  • Burp AI

Author display name

Hemanth Gorijala

Contact details (optional)

gorijala2k16@gmail.com

Discord username (optional)

No response

I confirm that the following is true:

Extension overview

SecretSifter helps security professionals identify hardcoded secrets, tokens, and credentials that are unintentionally exposed in HTTP responses during authorized testing. It fires automatically on every proxied response and sweeps the existing site map on load — no manual configuration needed. Passive scan check and Dashboard issue reporting require Professional. Bulk Scan, proxy handler, context menu rescan, and HTML/CSV export work in Community Edition.

Key features

  • 160+ detection rules covering anchored token formats, entropy-based heuristics, generic key-value patterns, and database connection strings
  • Passive scan check fires on every proxied response (Pro) and sweeps existing site map on load
  • Proxy handler captures findings in Community Edition
  • Bulk Scan tab: paste or import URL lists, follow script-src and webpack chunks, HAR import, scope monitor
  • Right-click context menu rescan from Proxy History or Repeater
  • HTML report export (all-in-one or per-domain ZIP) and CSV export
  • Settings: scan tier (FAST/LIGHT/FULL), entropy threshold, CDN blocklist, key name blocklist/allowlist
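The feature list mentions anchored token formats, entropy-based heuristics, generic key-value patterns, a configurable entropy threshold and a key name allowlist. The following Python sketch, added here as an illustration and not code from SecretSifter itself, shows how those pieces fit together over a constructed response body: one anchored rule (the AWS access key ID format, using the example key from AWS documentation), one generic key-value rule, Shannon entropy as the filter for generic hits, and an allowlist that drops known-benign key names such as CSRF tokens. Rule names, thresholds and the sample body are assumptions for the example.

```python
import math
import re
from collections import Counter

# Constructed sample HTTP response body (not a real site). The values are made up,
# except the AWS key, which is the documented AWS example key.
SAMPLE_RESPONSE = """\
<script>
window.__CONFIG__ = {
  "apiKey": "Zk9xT2pQv7mL3nW8bRdE5yHs",
  "csrfToken": "aB3dE5fG7hI9jK1lM2nO4pQ6",
  "password": "password",
  "region": "us-east-1",
  "awsAccessKeyId": "AKIAIOSFODNN7EXAMPLE"
};
</script>
"""

# Anchored rules: the token format itself is distinctive, so no entropy check is needed.
ANCHORED_RULES = [
    ("AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
]

# Generic key-value rule: a secret-looking key name, then a quoted value of 8+ chars.
# Group 1 is the key name, group 2 the value.
GENERIC_KV = re.compile(
    r"""(?i)\b([a-z_]*(?:api[_-]?key|secret|token|password)[a-z_]*)["']?\s*[:=]\s*["']([^"'\s]{8,})["']"""
)


def shannon_entropy(s: str) -> float:
    """Bits per character; 0.0 for empty or single-symbol strings, log2(n) for n distinct symbols."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_response(body: str, entropy_threshold: float = 3.5,
                  key_allowlist: frozenset = frozenset({"csrftoken"})) -> list:
    """Return findings as dicts; generic hits are kept only above the entropy threshold."""
    findings = []
    for rule_name, pattern in ANCHORED_RULES:
        for m in pattern.finditer(body):
            findings.append({"rule": rule_name, "key": None, "value": m.group(0),
                             "entropy": round(shannon_entropy(m.group(0)), 2)})
    for m in GENERIC_KV.finditer(body):
        key, value = m.group(1), m.group(2)
        if key.lower() in key_allowlist:      # known-benign key names are skipped
            continue
        ent = shannon_entropy(value)
        if ent < entropy_threshold:           # "password": "password" is filtered out here
            continue
        findings.append({"rule": "generic key-value (high entropy)", "key": key,
                         "value": value, "entropy": round(ent, 2)})
    return findings


if __name__ == "__main__":
    for f in scan_response(SAMPLE_RESPONSE):
        print(f"{f['rule']:35} key={f['key']!s:16} entropy={f['entropy']}")
```

Lowering `entropy_threshold` makes the low-entropy `password` value reappear, which is the trade-off the entropy setting controls: a lower threshold catches more weak or placeholder credentials at the cost of more false positives.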

Usage instructions

  1. Download secretsifter-1.0.0.jar from the Releases page
  2. Open Burp Suite → Extensions → Installed → Add
  3. Set Extension type to Java, browse to the JAR, click Next
  4. A "Secret Sifter" tab appears in the main tab bar
  5. Browse your target through Burp — findings appear automatically in Dashboard → Issue Activity (Pro) and the Bulk Scan results table (all editions)
  6. For bulk scanning: go to Secret Sifter → Bulk Scan, paste URLs, click Start Scan

Template identifier (Internal use only - please ignore)

  • template:01-submit-extension

Metadata

Assignees

No one assigned

    Labels

  • Community: This extension is compatible with Burp Suite Community.
  • Professional: This extension is compatible with Burp Suite Professional.

    Projects

    Status

    Concept review

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests