Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
csp-auditor-burp-plugin Fix quoting issue; handle frame-ancestors correctly Feb 25, 2018
csp-auditor-core Fix quoting issue; handle frame-ancestors correctly Feb 25, 2018
csp-auditor-zap-plugin Optimize ZAP packaging to minimize dependencies. Jun 27, 2016
downloads
gradle/wrapper Add Gradle Wrapper May 16, 2016
.gitignore
.travis.yml
BappDescription.html
BappManifest.bmf
README.md Add one screenshot/demo Aug 14, 2017
build.gradle CSP configuration helper Tab.. Jul 19, 2017
demo.gif Added GIF demonstration. Jun 20, 2016
demo2.gif
gradlew Add execute permission to Gradle Wrapper May 16, 2016
gradlew.bat Add Gradle Wrapper May 16, 2016
settings.gradle Update the Burp dependency to Maven artifact. Aug 14, 2017

README.md

CSP Auditor

This plugin provides:

  • a readable view of CSP headers in the Response tab
  • passive scan rules that detect weak CSP configurations
  • a CSP configuration generator based on the Burp crawler or on manual browsing

This project is packaged as a ZAP and Burp plugin.
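To illustrate the kind of check a passive CSP rule performs, here is a small, self-contained Python example written for this page; it is not the plugin's own Java code, and its heuristics, severities and sample headers are constructed assumptions. It parses a `Content-Security-Policy` value, resolves `default-src` fallback for fetch directives (and deliberately not for `frame-ancestors`, which has no fallback), and flags common weaknesses such as `'unsafe-inline'` without a nonce or hash, `'unsafe-eval'`, wildcard or scheme-only sources, and a missing `frame-ancestors` directive.

```python
"""Heuristic CSP weakness checks (constructed example, not the plugin's own rules)."""

# Fetch directives that fall back to default-src when absent.
# frame-ancestors is intentionally excluded: the spec gives it no fallback.
FETCH_DIRECTIVES = ("script-src", "object-src", "style-src", "img-src",
                    "connect-src", "frame-src", "font-src", "media-src")

# Constructed sample headers used for the demonstration below.
SAMPLES = {
    "weak": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src *",
    "strong": "default-src 'none'; script-src 'nonce-r4nd0m' 'strict-dynamic'; "
              "object-src 'none'; base-uri 'none'; frame-ancestors 'none'",
}


def parse_csp(header):
    """Parse a CSP header value into {directive: [source tokens]}.

    Directives are separated by ';' and tokens by whitespace; directive names
    are case-insensitive. As browsers do, the first occurrence of a directive
    wins and later duplicates are ignored.
    """
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:
            policy[name] = tokens[1:]
    return policy


def effective_sources(policy, directive):
    """Return the source list that governs `directive`, or None if unrestricted.

    Fetch directives inherit default-src when not set explicitly;
    frame-ancestors does not, so an absent frame-ancestors means "unrestricted".
    """
    if directive in policy:
        return policy[directive]
    if directive in FETCH_DIRECTIVES and "default-src" in policy:
        return policy["default-src"]
    return None


def audit_csp(header):
    """Return a list of (severity, message) findings for weak settings."""
    policy = parse_csp(header)
    findings = []

    for directive in ("script-src", "object-src"):
        sources = effective_sources(policy, directive)
        if sources is None:
            findings.append(("high", f"{directive} not restricted (no {directive} or default-src)"))
            continue
        lowered = [s.lower() for s in sources]
        # Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
        has_nonce_or_hash = any(
            s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in lowered
        )
        if directive == "script-src":
            if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
                findings.append(("high", "script-src allows 'unsafe-inline' without nonce/hash"))
            if "'unsafe-eval'" in lowered:
                findings.append(("medium", "script-src allows 'unsafe-eval'"))
        for s in lowered:
            # A bare wildcard or scheme-only source permits loading from any host.
            if s == "*" or s in ("http:", "https:", "data:"):
                findings.append(("high", f"{directive} allows overly broad source {s}"))

    if "frame-ancestors" not in policy:
        findings.append(("low", "frame-ancestors missing: framing is not restricted by CSP"))

    return findings


if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(f"[{label}] {header}")
        for severity, message in audit_csp(header) or [("info", "no findings")]:
            print(f"  {severity:6} {message}")
```

Running the script reports four findings for the constructed "weak" header (inline scripts, eval, the `https:` scheme source and the absent `frame-ancestors`) and none for the "strong" one; a real passive rule would attach these findings to the HTTP response they came from.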

Download

Last updated: August 3rd 2017

Screenshots

Passive rules and custom tab:

(screenshot: CSP Auditor Burp plugin, passive rules and custom tab)

Configuration builder:

(screenshot: CSP Auditor Burp plugin, configuration builder)

Building the plugin

Type the following command:

./gradlew build

or, if you already have Gradle installed on your machine:

gradle build

Read more

For more context around Content-Security-Policy and how to apply it to your website see our blog posts on the topic: