Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/GoSecure/csp-auditor

Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
https://github.com/GoSecure/csp-auditor

burp burp-plugin csp hacktoberfest http security zap zap-plugin

Last synced: 2 days ago
JSON representation

Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website

Host: GitHub
URL: https://github.com/GoSecure/csp-auditor
Owner: GoSecure
Created: 2016-03-16T14:36:55.000Z (over 8 years ago)
Default Branch: master
Last Pushed: 2020-04-29T18:27:24.000Z (over 4 years ago)
Last Synced: 2024-08-02T05:15:57.359Z (3 months ago)
Topics: burp, burp-plugin, csp, hacktoberfest, http, security, zap, zap-plugin
Language: Java
Homepage:
Size: 3.76 MB
Stars: 136
Watchers: 12
Forks: 34
Open Issues: 3
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

WebHackersWeapons - csp-auditor - auditor?label=%20)|[`csp`](/categorize/tags/csp.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)![zap](/images/zap.png)![burp](/images/burp.png)[![Java](/images/java.png)](/categorize/langs/Java.md)| (Weapons / Burpsuite, Caido and ZAP Addons)
awesome-hacking-lists - GoSecure/csp-auditor - Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website (Java)

README

# CSP Auditor [![Build Status](https://travis-ci.org/GoSecure/csp-auditor.png)](https://travis-ci.org/GoSecure/csp-auditor)

This plugin provides:

* a readable view of CSP Headers in Response Tab
* passive scan rules to detect weak CSP configuration
* a CSP configuration generator based on the Burp crawler or using manual browsing

This project is packaged as a ZAP and Burp plugin.

## Download

Last updated : August 3th 2017

- [Burp plugin](https://github.com/GoSecure/csp-auditor/blob/master/downloads/csp-auditor-burp-1.jar?raw=true)
- [ZAP plugin](https://github.com/GoSecure/csp-auditor/blob/master/downloads/cspauditor-alpha-1.zap?raw=true)

## Screenshots

Passive rules and custom tab:

![CSP Auditor Burp Plugin](https://raw.githubusercontent.com/GoSecure/csp-auditor/master/demo.gif)

Configuration builder:

![CSP Auditor Burp Plugin](https://raw.githubusercontent.com/GoSecure/csp-auditor/master/demo2.gif)

## Building the plugin

Type the following command:

```
./gradlew build
```

or if you have already Gradle installed on your machine:

```
gradle build
```

## Read more

For more context around Content-Security-Policy and how to apply it to your website see our blog posts on the topic:

* http://gosecure.net/2017/07/20/building-a-content-security-policy-configuration-with-csp-auditor
* https://gosecure.net/2016/06/28/auditing-csp-headers-with-burp-and-zap/