This project is not maintained anymore, please fork and do changes on your own.
This burp extension implements some passive scanner checks which are missing in Burp suite:
-
DOM-based XSS (REs are based on those from https://code.google.com/p/domxsswiki/wiki/FindingDOMXSS)
-
Missing HTTP headers:
-
Strict-Transport-Security
-
X-Content-Type-Options: nosniff
-
X-XSS-Protection
-
-
Multiple occurrences of the checked headers.
-
Redirection from HTTP to HTTPS
All checks can be enabled separately in an own extension tab and a default config can be stored.
-
See TODO markers in the code.
-
Further possibilities to redirect from HTTP to HTTPS (meta refresh, links, referer checking)
-
Active scanner check: Actively test directories for listings
-
Active scanner check: Add parameters like debug, admin, test etc. and check if something interesting appears on the page.
-
Active Scanner check: Reaction of the web application and server to requests with different/missing host headers.