https://github.com/weirdmachine64/reDOM
A Burp Suite extension that brings full DOM rendering capabilities directly into Burp, enabling effective security testing of modern JavaScript-heavy applications built with frameworks like ReactJS, VueJS, Angular, and more.
- Host: GitHub
- URL: https://github.com/weirdmachine64/reDOM
- Owner: weirdmachine64
- License: mit
- Created: 2025-11-26T12:06:45.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2025-11-27T19:45:44.000Z (5 months ago)
- Last Synced: 2026-03-07T16:21:45.289Z (about 1 month ago)
- Topics: burp-extensions, burpsuite, dom-manipulation, pentesting, websecurity
- Language: Java
- Homepage:
- Size: 680 KB
- Stars: 12
- Watchers: 0
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-burp-extensions - reDOM - reDOM is a Burp Suite extension that brings full DOM rendering capabilities directly into Burp, enabling effective security testing of modern JavaScript-heavy applications built with frameworks like ReactJS, VueJS, Angular, and more. (Custom Features)
README
# reDOM
```
██████╗ ███████╗██████╗ ██████╗ ███╗ ███╗
██╔══██╗██╔════╝██╔══██╗██╔═══██╗████╗ ████║
██████╔╝█████╗ ██║ ██║██║ ██║██╔████╔██║
██╔══██╗██╔══╝ ██║ ██║██║ ██║██║╚██╔╝██║
██║ ██║███████╗██████╔╝╚██████╔╝██║ ╚═╝ ██║
╚═╝ ╚═╝╚══════╝╚═════╝ ╚═════╝ ╚═╝ ╚═╝
```
A Burp Suite extension that brings full DOM rendering capabilities directly into Burp, enabling effective security testing of modern JavaScript-heavy applications built with frameworks like ReactJS, VueJS, Angular, and more.

## Features
- Captures fully-rendered DOM after JavaScript execution
- Analyzes Single Page Applications (SPAs) built with React, Vue.js, Angular, etc.
- Integrates as a custom response tab in Burp Repeater
- Auto-render option for automatic DOM capture
- Configurable Chrome connection and rendering parameters
## Requirements
- Burp Suite Professional/Community
- Chrome/Chromium browser
## Installation
1. Build the extension:
```bash
mvn clean package
```
2. Load `target/reDOM.jar` in Burp Suite (Extensions → Add)
## Usage
1. Start a Chromium-based browser with remote debugging:
```bash
chromium --proxy-server=localhost:8080 --remote-debugging-port=9222 --user-data-dir=/tmp/redom --ignore-certificate-errors
```
2. In Burp, go to the reDOM settings tab and click "Connect to Chrome"
3. The extension will spawn a minimized browser window for rendering
4. Send a request to Repeater and switch to the "DOM Render" tab
5. Click "Render in Browser" or enable "Auto render" for automatic rendering
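
The DevTools port opened in step 1 is unauthenticated, so any client that can reach it controls that browser profile. The following check is an added example, not part of the reDOM project: it reads `ss -ltn` output (Linux, iproute2) and reports whether port 9222 listens on loopback only. The function names and sample lines are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example (not reDOM code): check that the Chrome DevTools port from
# step 1 listens on loopback only. Function names and sample lines are
# assumptions constructed for illustration.

# Classify one "Local Address:Port" field from `ss -ltn`.
# Prints: loopback | exposed | other-port
classify_listener() {
  local addr="$1" port="$2" host p
  host="${addr%:*}"; p="${addr##*:}"
  [ "$p" = "$port" ] || { echo other-port; return 0; }
  case "$host" in
    127.*|"[::1]"|"[::ffff:127."*) echo loopback ;;
    *) echo exposed ;;   # 0.0.0.0, *, [::], or a routable address
  esac
}

# Read `ss -ltn` output on stdin.
# Returns 0 = loopback only, 1 = reachable from other hosts, 2 = not listening.
check_cdp_listeners() {
  local port="$1" seen=0 exposed=0 state recvq sendq laddr rest
  while read -r state recvq sendq laddr rest; do
    [ "$state" = "LISTEN" ] || continue
    case "$(classify_listener "$laddr" "$port")" in
      loopback) seen=1 ;;
      exposed)  seen=1; exposed=1; echo "exposed listener: $laddr" >&2 ;;
    esac
  done
  [ "$seen" -eq 1 ] || return 2
  [ "$exposed" -eq 0 ]
}

# Constructed sample input; on a live host use: ss -ltn | check_cdp_listeners 9222
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      10     127.0.0.1:9222     0.0.0.0:*
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*'

if printf '%s\n' "$SAMPLE" | check_cdp_listeners 9222; then
  echo "port 9222: loopback only"
else
  echo "port 9222: exposed or not listening"
fi
```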
## Configuration
Available settings:
- **Chrome Host/Port**: Connection details (default: localhost:9222)
- **CDP Command Timeout**: WebSocket command timeout in seconds (default: 30)
- **Page Load Timeout**: Maximum time to wait for page load (default: 30)
- **Render Delay**: Additional wait time after page load in ms (default: 1000)
- **Auto Render**: Automatically render when tab opens
- **Minimized Window**: Start the Chrome rendering window minimized
## License
MIT License