This is a Burp extension which adds passive checks to the Burp scanner. It looks for the following:
- Cross-Domain Script Includes (DOM)
- CORS Headers Do Not Require Subresource Integrity
- Subresource Integrity Failed Validation
- Cross-Domain Script Includes where DNS Resolution Fails
It does this by taking the HTML Burp received, loading it in a headless Chromium instance via Selenium, and inspecting the resulting DOM (rather than the raw HTML) for script includes.
Licensing and Recognition
Distributed under GPLv3. Copyright 2019 Focal Point Data Risk, LLC. Written by Peter Hefley.
- Obtain a copy of this repo.
- Install the chromedriver shim between selenium and chromium. On Ubuntu, this is done by issuing the following command:
sudo apt install chromium-chromedriver
- In Burp, go to the Extender tab, then the Extensions sub-tab, and Add this extension. The extension type is Java; select the included (or freshly built) jar file.
- The path to the chromedriver binary you want to use. This defaults to the standard location it is installed to on Linux.
It is possible to load indicators of compromise (IOCs) as JSON files through the GUI tab. Examples are provided in the intel folder.
- Watch the DOM (not the raw "html") and log every loaded JS file as a finding (medium?). Totally ignore scope.
- Check every loaded JS file against a list of known compromised ones and raise a different alert.
- When a JS resource cannot be loaded, check whether its domain resolves.
I've seen weird caching issues with systemd-resolved, the default DNS service on Ubuntu. If you see resources which cannot be accessed due to DNS issues, consider disabling the DNS caching or clearing your cache. Both seem to help.
grep "Cache" /etc/systemd/resolved.conf
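As an added note on the caching issue above (this is not part of the extension), the Cache= key in resolved.conf defaults to yes when it is absent or commented out, so a stock file that only shows "#Cache=yes" is still caching. The helper below reads the effective value from a resolved.conf-style file so you can confirm the state before blaming DNS; the path argument is optional and the sample files are constructed.

```shell
# Added helper, not part of the extension: print the effective systemd-resolved
# Cache= value from a resolved.conf-style file. An absent or commented-out key
# means the systemd default, which is "yes" (caching on).
resolved_cache_setting() {
  conf="${1:-/etc/systemd/resolved.conf}"
  # Only uncommented "Cache = value" lines count; the last one wins.
  value=$(sed -n 's/^[[:space:]]*Cache[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$conf" | tail -n 1)
  printf '%s\n' "${value:-yes}"
}

# To turn caching off for good, set "Cache=no" under [Resolve] in
# /etc/systemd/resolved.conf and restart the service; to just drop a stale
# answer, flush the cache instead:
#   sudo systemctl restart systemd-resolved
#   sudo resolvectl flush-caches
```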