Skip to content

Burp and ZAP plugin to analyze CSP headers

Notifications You must be signed in to change notification settings

PortSwigger/csp-auditor

 
 

Repository files navigation

CSP Auditor Build Status

This plugin provides:

  • a readable view of CSP Headers in Response Tab
  • passive scan rules to detect weak CSP configuration
  • a CSP configuration generator based on the Burp crawler or using manual browsing

This project is packaged as a ZAP and Burp plugin.

Download

Last updated : August 3th 2017

Screenshots

Passive rules and custom tab:

CSP Auditor Burp Plugin

Configuration builder:

CSP Auditor Burp Plugin

Building the plugin

Type the following command:

./gradlew build

or if you have already Gradle installed on your machine:

gradle build

Read more

For more context around Content-Security-Policy and how to apply it to your website see our blog posts on the topic:

About

Burp and ZAP plugin to analyze CSP headers

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Java 96.7%
  • HTML 3.3%