A Burp Suite extension for identifying missing Subresource Integrity attributes.

PortSwigger/sri-check

 
 

SRI Check

A Burp Suite extension for identifying missing Subresource Integrity attributes.

  • Passive scanner checks create informational issues in Burp Suite
  • Only flags resources from third-party domains that do not include the integrity attribute
  • Written in Python
  • Requires Jython 2.7+
  • Pull requests welcome!

Todo

  • Add support for relative paths
  • Improve regex, especially accounting for the case of script and link tags and spaces in tags
  • Check MIME type of pages to prevent running against images, CSS, etc.
  • Fix possible concurrency issues
  • Account for possible false positives on tags
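
The check described above, sketched with an HTML parser instead of a regex so that tag case, spacing inside tags, relative paths and non-HTML responses from the Todo list are handled. This is an added example, not the extension's own code: it targets Python 3's standard library rather than Jython, the names `SRIFinder` and `find_missing_sri` are hypothetical, "third party" is assumed to mean a hostname different from the page's, and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SRI_LINK_RELS = {"stylesheet", "preload", "modulepreload"}  # link types SRI applies to

class SRIFinder(HTMLParser):
    """Collects third-party script/link URLs that carry no integrity attribute."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.missing = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <SCRIPT SRC=...> matches
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            ref = a.get("src", "").strip()
        elif tag == "link" and SRI_LINK_RELS & set(a.get("rel", "").lower().split()):
            ref = a.get("href", "").strip()
        else:
            return
        if not ref:
            return  # inline script, or link without a target
        # Resolve relative and protocol-relative references against the page URL
        host = urlsplit(urljoin(self.page_url, ref)).hostname
        # Assumption: "third party" means the hostname differs from the page's
        if host and host != self.page_host and not a.get("integrity", "").strip():
            self.missing.append((tag, ref))

def find_missing_sri(page_url, content_type, body):
    """Return [(tag, url)] for third-party resources lacking integrity."""
    if "html" not in content_type.lower():
        return []  # skip images, CSS and other non-HTML responses
    finder = SRIFinder(page_url)
    finder.feed(body)
    return finder.missing

# Constructed sample page (hosts and hash are placeholders)
PAGE = "https://app.example.com/index.html"
SAMPLE = """<html><head>
<SCRIPT   SRC="https://cdn.example.net/lib.js"></script>
<script src="//cdn.example.net/a.js" integrity="sha384-CONSTRUCTED"></script>
<script src="/static/app.js"></script>
<link REL="stylesheet" href="https://fonts.example.org/f.css">
<link rel="icon" href="https://cdn.example.net/i.ico">
<script src="//cdn.example.net/b.js"></script>
</head></html>"""

if __name__ == "__main__":
    for tag, url in find_missing_sri(PAGE, "text/html", SAMPLE):
        print("missing integrity: <%s> %s" % (tag, url))
```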

Screenshots

Example Issue
