moloch-- / Csp Bypass

A Burp Plugin for Detecting Weaknesses in Content Security Policies

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Csp Bypass

Csp Auditor
Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
Stars: ✭ 121 (-6.92%)
Mutual labels:  csp, burp-plugin
Csp Html Webpack Plugin
A plugin which, when combined with HTMLWebpackPlugin, adds CSP tags to the HTML output.
Stars: ✭ 109 (-16.15%)
Mutual labels:  csp
Partnercenterpowershellmodule
Partner Center PowerShell Module
Stars: ✭ 35 (-73.08%)
Mutual labels:  csp
So 5 5
SObjectizer: it's all about in-process message dispatching!
Stars: ✭ 87 (-33.08%)
Mutual labels:  csp
Burp Suite Error Message Checks
Burp Suite extension to passively scan for applications revealing server error messages
Stars: ✭ 45 (-65.38%)
Mutual labels:  burp-plugin
Cstc
CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
Stars: ✭ 91 (-30%)
Mutual labels:  burp-plugin
Burp Sensitive Param Extractor
Burp Suite extension to check for and extract sensitive request parameters
Stars: ✭ 35 (-73.08%)
Mutual labels:  burp-plugin
Mssqli Duet
SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
Stars: ✭ 82 (-36.92%)
Mutual labels:  burp-plugin
U2c
Unicode To Chinese -- U2C: a Burp Suite extender that converts Unicode escapes to Chinese [Burp plugin for converting Unicode-encoded text to Chinese]
Stars: ✭ 83 (-36.15%)
Mutual labels:  burp-plugin
Securityheaders
Check any website (or set of websites) for insecure security headers.
Stars: ✭ 104 (-20%)
Mutual labels:  csp
Burpsuite Collections
Burp Suite collection: including but not limited to Burp articles, cracked versions, plugins (not in the BApp Store), Chinese localization and related tutorials; contributions welcome---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+731.54%)
Mutual labels:  burp-plugin
Chan
Pure C implementation of Go channels.
Stars: ✭ 1,208 (+829.23%)
Mutual labels:  csp
Swurg
Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 94 (-27.69%)
Mutual labels:  burp-plugin
Express Security
nodejs + express security and performance boilerplate.
Stars: ✭ 37 (-71.54%)
Mutual labels:  csp
Aiochan
CSP-style concurrency for Python
Stars: ✭ 116 (-10.77%)
Mutual labels:  csp
Zmonitor
Azure Multi-subscription/tenant Monitoring Solution
Stars: ✭ 35 (-73.08%)
Mutual labels:  csp
Csp
Given a list of hosts, this small utility fetches all whitelisted domains from the hosts' CSPs.
Stars: ✭ 89 (-31.54%)
Mutual labels:  csp
Burp Molly Pack
Security checks pack for Burp Suite
Stars: ✭ 123 (-5.38%)
Mutual labels:  burp-plugin
Venice
Coroutines, structured concurrency and CSP for Swift on macOS and Linux.
Stars: ✭ 1,501 (+1054.62%)
Mutual labels:  csp
Burp Unauth Checker
Burp Suite extension to check for unauthorized-access vulnerabilities
Stars: ✭ 99 (-23.85%)
Mutual labels:  burp-plugin

CSP Bypass

This is a Burp plugin designed to passively scan for CSP headers that contain known bypasses, as well as other potential weaknesses.

Installation

Jython Setup

  1. Download the latest standalone Jython 2.7.x .jar file
  2. In Burp, select Extender and then the Options tab; under the Python Environment heading, click Select File ... and browse to the Jython .jar file

CSP Bypass Plugin Setup

  1. Execute the build-plugin.sh script; a csp-bypass-plugin.py file should appear
  2. In Burp select Extender and then the Extensions tab
  3. Click Add in the window that appears, select Python from the Extension Type dropdown menu
  4. Click Select File ... next to Extension File and select the generated csp-bypass-plugin.py file
  5. Click Next and you're done!

Report Bypasses in Common Domains

To add bypasses, edit csp_known_bypasses.py with a domain and an example payload or description of the bypass. Be sure to use the full domain; the plugin will match wildcards (e.g. if a policy allows *.googleapis.com, it will match against ajax.googleapis.com). Submit a pull request to get your bypass into the main repository!
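The wildcard matching described above, as a stand-alone Python illustration added here (not code from the CSP Bypass plugin): it parses a Content-Security-Policy value, works out which sources govern scripts, and reports sources that equal or wildcard-cover a known-bypass host. The bypass table is a constructed stand-in for csp_known_bypasses.py (ajax.googleapis.com is taken from the text, libs.example.net is a placeholder), and flagging 'unsafe-inline' and 'unsafe-eval' is an assumption about what "other potential weaknesses" covers.

```python
import fnmatch
import re

# Constructed table in the spirit of csp_known_bypasses.py (not the plugin's own
# data): known-bypass host -> short description. No payloads are included.
KNOWN_BYPASSES = {
    "ajax.googleapis.com": "widely documented CSP bypass host (script library CDN)",
    "libs.example.net": "constructed placeholder entry",
}
# Keyword sources that weaken script-src regardless of host allow-lists (assumption).
WEAK_KEYWORDS = {"'unsafe-inline'": "allows inline script",
                 "'unsafe-eval'": "allows eval()"}
# scheme://host:port/path -> host; keywords ('self') and bare schemes (https:)
# do not match and are skipped.
_HOST_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?([^/:']+)(?::(?:\d+|\*))?(?:/.*)?$", re.I)

def parse_csp(header):
    """Split a Content-Security-Policy value into {directive: [source, ...]}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.strip().split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy

def source_host(source):
    match = _HOST_RE.match(source)
    return match.group(1).lower() if match else None

def effective_script_sources(policy):
    """script-src governs scripts; default-src applies only when it is absent."""
    return policy.get("script-src", policy.get("default-src", []))

def find_weaknesses(header):
    """Return (source, detail) for weak keywords and for sources whose host equals or
    wildcard-covers a known-bypass host (*.googleapis.com covers ajax.googleapis.com)."""
    findings = []
    for source in effective_script_sources(parse_csp(header)):
        if source in WEAK_KEYWORDS:
            findings.append((source, WEAK_KEYWORDS[source]))
            continue
        host = source_host(source)
        if host is None:
            continue
        for domain, why in KNOWN_BYPASSES.items():
            # fnmatch's '*' spans dots, matching CSP's leading-wildcard semantics
            if fnmatch.fnmatchcase(domain, host):
                findings.append((source, domain + ": " + why))
    return findings
```

Running find_weaknesses over the effective script-src of a captured header gives the same kind of finding the plugin reports, one tuple per offending source.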