Skip to content

A Burp Suite Extension that adds Header Checks and other helper functionalities

License

Notifications You must be signed in to change notification settings

eonlight/BurpExtenderHeaderChecks

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

BurpExtenderHeaderChecks

A Burp Suite Extension that adds Header Checks and other helper features

Features List

  • Passive Scan
    • Searches the response headers for missing security headers:
      • Strict-Transport-Security
      • X-XSS-Protection
      • Content-Security-Policy
      • X-Content-Type-Options
      • X-Permitted-Cross-Domain-Policies
    • Searches the response headers for information disclosure on the server type and version:
      • Server
      • X-Powered-By
      • X-AspNetMvc-Version
      • X-AspNet-Version
      • X-Generator
      • X-Drupal-Cache
      • X-Pingback
      • Liferay-Portal
      • X-Content-Encoded-By
    • If any of the information disclosure headers is found, it will try to infer any of the following software:
      • apache
      • php
      • nginx
      • microsoft-iis
      • joomla
      • wordpress
      • openssl
      • liferay
      • mysql
      • lighttpd
      • postgre
      • drupal
      • tomcat
    • If any of the software is found it will also make a request to the software web page and scrap the latest version
    • Compares the installed / inferred version and reports if the software installed is out-of-date
    • It scraps the CVEdetails website and also reports the CVEs found (if any) for the installed version
  • Active Scan
    • TODO: Future Work
  • Automatic load of a clean, saved burp state whenever burp is started
  • Additional tab on Request / Response Panel with a parsed JSON content
    • Tries to fix the JSON if not in the correct format so it can be parsed
  • Configuration Tab:
    • Add or remove security header to check
    • Add an informational issue if any security header is found
    • Add any information disclosure header to look for
    • Add any software to try and infer
    • Configure the clean state path

Dependencies

  • This extension uses Apache's JSON decoder library (already included in the org.json package)
  • It also requires Java 7

How to install

At the moment it is not in the Burp Ext. Store but you can get the jar file from the releases page on github:

https://github.com/eonlight/BurpExtenderHeaderChecks/releases

  1. Download the extension
  2. Open Burp and go to the Extender tab
  3. Click on the "Add" Button and Select "Java" Extension type
  4. Click on the "Select file" button and select the downloaded .jar file
  5. Click "next" and done!

Future Work

  • Add passive scans that looks in the page's HTML for the server's type and version
  • Add active scan that looks for specific server's files to infer the server's type and version
  • Support the use of a file such as the "whatweb" and "wappalyzer" configs:

About

A Burp Suite Extension that adds Header Checks and other helper functionalities

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages