Skip to content
/ CSP-Bypass Public
forked from moloch--/CSP-Bypass

A Burp Plugin for Detecting Weaknesses in Content Security Policies

9 stars 39 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TheRook/CSP-Bypass

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
images
images
 
 
.gitignore
.gitignore
 
 
.pylintrc
.pylintrc
 
 
README.md
README.md
 
 
build-plugin.sh
build-plugin.sh
 
 
burp_csp_bypass.py
burp_csp_bypass.py
 
 
burp_scanner_issues.py
burp_scanner_issues.py
 
 
csp_known_bypasses.py
csp_known_bypasses.py
 
 
csp_parser.py
csp_parser.py
 
 
tests.py
tests.py
 
 

Repository files navigation

CSP Bypass

This is a Burp plugin that is designed to passively scan for CSP headers that contain known bypasses as well as other potential weaknesses.

CSP Bypass

Installation

Jython Setup

  1. Download the latest Jython 2.7.x .jar file
  2. In Burp select Extender and then the Options tab, under the Python Environment heading click Select File ... and browse to the Jython .jar file

CSP Bypass Plugin Setup

  1. Execute the build-plugin.sh script, you should see a csp-bypass-plugin.py file appear
  2. In Burp select Extender and then the Extensions tab
  3. Click Add in the window that appears, select Python from the Extension Type dropdown menu
  4. Click Select File ... next to Extension File and select the generated csp-bypass-plugin.py file
  5. Click Next and you're done!

About

A Burp Plugin for Detecting Weaknesses in Content Security Policies

Resources

Readme
Activity

Stars

9 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages

  • Python 98.9%
  • Shell 1.1%