Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/gosecure/csp-auditor
Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
burp burp-plugin csp hacktoberfest http security zap zap-plugin
Last synced: 8 days ago
- Host: GitHub
- URL: https://github.com/gosecure/csp-auditor
- Owner: GoSecure
- Created: 2016-03-16T14:36:55.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2020-04-29T18:27:24.000Z (over 4 years ago)
- Last Synced: 2024-11-01T21:35:14.632Z (11 days ago)
- Topics: burp, burp-plugin, csp, hacktoberfest, http, security, zap, zap-plugin
- Language: Java
- Homepage:
- Size: 3.76 MB
- Stars: 136
- Watchers: 12
- Forks: 34
- Open Issues: 3
Metadata Files:
- Readme: README.md
README
# CSP Auditor [![Build Status](https://travis-ci.org/GoSecure/csp-auditor.png)](https://travis-ci.org/GoSecure/csp-auditor)
This plugin provides:
* a readable view of CSP Headers in Response Tab
* passive scan rules to detect weak CSP configuration
* a CSP configuration generator based on the Burp crawler or using manual browsing

This project is packaged as a ZAP and Burp plugin.
## Download
Last updated: August 3rd, 2017
- [Burp plugin](https://github.com/GoSecure/csp-auditor/blob/master/downloads/csp-auditor-burp-1.jar?raw=true)
- [ZAP plugin](https://github.com/GoSecure/csp-auditor/blob/master/downloads/cspauditor-alpha-1.zap?raw=true)

## Screenshots
Passive rules and custom tab:
![CSP Auditor Burp Plugin](https://raw.githubusercontent.com/GoSecure/csp-auditor/master/demo.gif)
Configuration builder:
![CSP Auditor Burp Plugin](https://raw.githubusercontent.com/GoSecure/csp-auditor/master/demo2.gif)
## Building the plugin
Type the following command:
```
./gradlew build
```
or, if you already have Gradle installed on your machine:
```
gradle build
```

## Read more
For more context around Content-Security-Policy and how to apply it to your website see our blog posts on the topic:
* http://gosecure.net/2017/07/20/building-a-content-security-policy-configuration-with-csp-auditor
* https://gosecure.net/2016/06/28/auditing-csp-headers-with-burp-and-zap/