{"id":13636036,"url":"https://github.com/moloch--/CSP-Bypass","last_synced_at":"2025-04-19T04:31:56.348Z","repository":{"id":144890092,"uuid":"50760479","full_name":"moloch--/CSP-Bypass","owner":"moloch--","description":"A Burp Plugin for Detecting Weaknesses in Content Security Policies","archived":false,"fork":false,"pushed_at":"2023-05-19T20:32:45.000Z","size":140,"stargazers_count":166,"open_issues_count":3,"forks_count":36,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-04-07T19:21:18.443Z","etag":null,"topics":["burp-plugin","content-security-policy","csp","security"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/moloch--.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-01-31T05:34:10.000Z","updated_at":"2025-03-30T19:37:01.000Z","dependencies_parsed_at":"2024-01-07T08:10:16.618Z","dependency_job_id":"92016460-92e4-4a03-89f2-555cc87e8889","html_url":"https://github.com/moloch--/CSP-Bypass","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moloch--%2FCSP-Bypass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moloch--%2FCSP-Bypass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moloch--%2FCSP-Bypass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moloch--%2FCSP-Bypass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/moloch--","download_url":"https://codeload.github.com/moloch--/CSP-Bypass/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249606443,"owners_count":21298851,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp-plugin","content-security-policy","csp","security"],"created_at":"2024-08-02T00:00:55.850Z","updated_at":"2025-04-19T04:31:56.099Z","avatar_url":"https://github.com/moloch--.png","language":"Python","funding_links":[],"categories":["Scanners"],"sub_categories":[],"readme":"CSP Bypass\n============\n\nThis is a Burp plugin that is designed to passively scan for CSP headers that contain known bypasses as well as other potential weaknesses.\n\n![CSP Bypass](/images/csp_bypass.png?raw=true)\n\n## Installation\n\n#### Jython Setup\n 1. Download the latest standalone [Jython 2.7.x](http://www.jython.org/downloads.html) .jar file\n 1. In Burp select `Extender` and then the `Options` tab, under the _Python Environment_ heading click `Select File ...` and browse to the Jython .jar file\n\n#### CSP Bypass Plugin Setup\n 1. Execute the `build-plugin.sh` script, you should see a `csp-bypass-plugin.py` file appear\n 1. In Burp select `Extender` and then the `Extensions` tab\n 1. Click `Add` in the window that appears, select `Python` from the `Extension Type` dropdown menu\n 1. Click `Select File ...` next to `Extension File` and select the generated `csp-bypass-plugin.py` file\n 1. Click `Next` and you're done!\n\n## Report Bypasses in Common Domains\n\nTo add bypasses simply edit [csp_known_bypasses.py](https://github.com/moloch--/CSP-Bypass/blob/master/csp_known_bypasses.py) with a domain, and an example payload or description of the bypass. Be sure to use the full domain, the plugin will match wildcards (e.g. if a policy allows `*.googleapis.com` it will match against `ajax.googleapis.com`). Submit a pull request to get your bypass in the main repository!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmoloch--%2FCSP-Bypass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmoloch--%2FCSP-Bypass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmoloch--%2FCSP-Bypass/lists"}