Burp extension that checks for interesting and security headers
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
Screenshots Added screenshots Aug 7, 2014
BoringHeaders.txt First Commit Aug 7, 2014
LICENSE First Commit Aug 7, 2014
README.md Updated README.md Aug 20, 2014


Headers Analyzer

Headers Analyzer is a Burp extension written in Python that making use of the "Passive Scanner" functionality checks for:

  • Headers that might disclose some interesting information.
  • Missing security headers.
  • Misconfigured security headers.

Issues found will be reported and added to the passive scanner tab in a similar way to the native issues reported by Burp.

The extension will add a new tab to Burp's UI to allow the user to configure it, including the following aspects:

  • Select what kind of headers the extension should analyze.
  • Boring headers, a list of boring headers that the extension will omit.
  • Export the results in a "report friendly" format.

An additional "BoringHeaders.txt" file is included apart from the extension. This file includes a predefined list of boring headers that might prove useful for the user.


Extension tab:

Alt text

Flagged issues:

Alt text




Jython 2.7+ is needed for this extension to work properly, so remember to set it up in Burp before adding the extension. After that, just add a new extension in the "Extensions" tab, choose "Python" as the extension type, and point to the "HeadersAnalyzer.py" file.

The first time you load the extension, the "Boring Headers" list will be empty, a file with default boring headers can be found at: https://github.com/Dionach/HeadersAnalyzer/blob/master/BoringHeaders.txt.

The extension will save the current settings before Burp is closed, and restore them once the extension is loaded again.

Check the "Output" and "Errors" tabs for possible feedback.