Skip to content
/ Web-Cache-Scanner Public

Burp Suite extension to detect Web Cache Deception vulnerabilities, now compatible with the Community Edition. Automates advanced cache poisoning tests and provides detailed exploit examples.

License

GPL-3.0 license
10 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

atomiczsec/Web-Cache-Scanner

BranchesTags

Repository files navigation

Web Cache Deception Scanner - Burp Extension Community Edition

This is a Burp Suite extension to test web applications for various Web Cache Deception vulnerabilities. This version has been modified to work with the Burp Suite Community Edition.

The scanner performs the following checks:

Check Description
Initial Path Mapping Check Verifies that the target endpoint responds differently to authenticated vs. unauthenticated requests, and checks if appending a random path segment (e.g., /originalpath/randomXYZ) returns content similar to the original path (/originalpath), confirming a prerequisite where the backend might ignore trailing path segments.
Delimiter + Extension Cache Test If the initial check passes, iterates through common delimiters (/, ;, ?) and file extensions (e.g., .js, .css, .jpg, .woff2, .pdf). For each combination (e.g., /originalpath/randomXYZ.js), checks if requesting the URL without authentication returns content similar to the authenticated request, indicating the authenticated response was cached based on the extension.
Path Normalization Cache Test Checks if the cache normalizes paths differently from the backend server using cacheable targets (e.g., /robots.txt, /index.html, /assets/). Iterates through delimiters and path traversal templates (e.g., %2f%2e%2e%2f), crafting URLs like /originalpath;%2f%2e%2e%2frobots.txt and comparing authenticated vs. unauthenticated responses to detect cache normalization vulnerabilities.

Installation (Community Edition)

Option 1: Download Pre-built Release (Recommended)

  1. Visit the Releases page
  2. Download the latest web-cache-deception-scanner-all.jar from the Latest build release
  3. In Burp Suite, go to the Extender tab
  4. Click Add and select the downloaded JAR file
  5. Check the Output tab for loading confirmation

Option 2: Build from Source

Prerequisites:

  • Java JDK 11 or higher
  • Gradle (or use the included Gradle Wrapper)

Build Steps:

  1. Clone the repository:

    git clone https://github.com/atomiczsec/Web-Cache-Scanner.git
cd Web-Cache-Scanner

  2. Build the extension using Gradle:

    ./gradlew clean build

    Or on Windows:

    gradlew.bat clean build

  3. The built JAR file will be located at build/libs/web-cache-deception-scanner-all.jar

  4. Install in Burp Suite:

    • Open Burp Suite and go to the Extender tab
    • Click Add and select the JAR file from build/libs/
    • Verify installation in the Output tab

Credits

Original extension by Johan Snyman. Vulnerability research by Omer Gil. Community Edition updates by atomiczsec.

Connect with me:

About

Burp Suite extension to detect Web Cache Deception vulnerabilities, now compatible with the Community Edition. Automates advanced cache poisoning tests and provides detailed exploit examples.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

10 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases 5

Release v2.4 Latest
Nov 18, 2025
+ 4 releases

Packages

No packages published

Contributors 2

Languages