AWS Extender is a BurpSuite extension to identify and test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues using the boto/boto3 SDK library.
For general instructions on how to load BurpSuite extensions, please visit this URL.
Both boto and boto3 are required. You can install them using pip:
$ pip install -r requirements.txt
- Open the BurpSuite Extender tab.
- Click "Options".
- Set the "Folder for loading modules" setting to the path of your Python installation's site-packages directory.
The settings tab provides the following settings:
Below is a description of each:
Setting | Description | Required |
---|---|---|
AWS Access Key | Your AWS account access key ID | True |
AWS Secret Key | Your AWS account secret key | True |
AWS Session Key | A temporary session token | False |
GS Access Key | Your Google account access key ID | True |
GS Secret Key | Your Google account secret key | True |
Wordlist Filepath | A filepath to a list of filenames | False |
Passive Mode | Perform passive checks only | N/A |
Notes:
- AWS keys can be obtained from your AWS Management Console. For Google Cloud, see the documentation.
- The extension will still provide minimal functionality (e.g., identifying buckets) even if none of the above requirements are satisfied.