CSP Bypass

This is a Burp plugin that is designed to passively scan for CSP headers that contain known bypasses as well as other potential weaknesses.

Installation

Download the latest Jython 2.7.x .jar file
In Burp select Extender and then the Options tab, under the Python Environment heading click Select File ... and browse to the Jython .jar file

Execute the build-plugin.sh script, you should see a csp-bypass-plugin.py file appear
In Burp select Extender and then the Extensions tab
Click Add in the window that appears, select Python from the Extension Type dropdown menu
Click Select File ... next to Extension File and select the generated csp-bypass-plugin.py file
Click Next and you're done!

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
images		images
.gitignore		.gitignore
.pylintrc		.pylintrc
README.md		README.md
build-plugin.sh		build-plugin.sh
burp_csp_bypass.py		burp_csp_bypass.py
burp_scanner_issues.py		burp_scanner_issues.py
csp_known_bypasses.py		csp_known_bypasses.py
csp_parser.py		csp_parser.py
tests.py		tests.py