Sensitive Data Masker #334
Description
Extension URL
https://github.com/0xVex/burp-repeater-data-masking
Version number
1.0.0
Select additional compatible products and features
- Community
- DAST
- Burp AI
Author display name
Austin Lee
Contact details (optional)
No response
Discord username (optional)
No response
I confirm that the following is true:
- I have permission from all relevant persons to submit this extension to the BApp Store for public use, under the terms and conditions of the EULA.
- I have read and understood the submission requirements for the BApp Store.
Extension overview
Sensitive Data Masker adds a "Masked View" tab to HTTP request and response editors in Repeater, Proxy HTTP History, and Intruder windows. When enabled, it automatically redacts JWT tokens, session cookies, Authorization headers, and API keys, replacing sensitive values with clearly labelled placeholders such as [MASKED_TOKEN] while preserving the surrounding context.
Key features
The Masked View uses Burp's native editor, so syntax highlighting, color coding, and formatting are identical to the built-in Pretty tab. Built-in pattern types can be individually toggled on or off via a Patterns dropdown in the toolbar, and custom regex patterns can be added to catch application-specific secrets. All masking is display-only and entirely local — no data leaves Burp Suite. The extension is designed for security professionals who need to share screenshots or screen recordings of live traffic without exposing sensitive credentials.
Usage instructions
Navigate to the HTTP window in the Repeater, HTTP proxy history, or interceptor tabs.
Click on the "Data Masking" tab
Select desired patterns for masking, or enter custom regex for more uncommon patterns
Turn data masking on to share information with sensitive info redacted, turn it back off to see original data
Template identifier (Internal use only - please ignore)
- template:01-submit-extension