This is a Burp plugin that is designed to passively scan for CSP headers that contain known bypasses as well as other potential weaknesses.
- Download the latest Jython 2.7.x .jar file
- In Burp select `Extender` and then the `Options` tab; under the Python Environment heading click `Select File ...` and browse to the Jython .jar file
- Execute the `build-plugin.sh` script; you should see a `csp-bypass-plugin.py` file appear
- In Burp select `Extender` and then the `Extensions` tab
- Click `Add`; in the window that appears, select `Python` from the `Extension Type` dropdown menu
- Click `Select File ...` next to `Extension File` and select the generated `csp-bypass-plugin.py` file
- Click `Next` and you're done!
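To show the kind of check a passive CSP scanner performs, here is an added example that is not part of the CSP-Bypass plugin: a small, dependency-free Python checker that parses a `Content-Security-Policy` header value and reports well-known weak settings (unrestricted script sources, a missing `object-src`, a missing `base-uri`). It also handles one edge case a naive check gets wrong: browsers that understand nonces and hashes ignore `'unsafe-inline'` when a nonce or hash source is present, so that combination is not reported. The function names, the finding texts and the sample header values are constructed for this example; a Burp passive scan check would call `check_csp()` on each response's CSP header and raise an issue per finding.

```python
import re

# Source expressions that, on their own, let a script run from anywhere.
# (Keyword and scheme spellings follow the CSP specification.)
UNRESTRICTED_SCRIPT_SOURCES = {
    "*", "'unsafe-inline'", "'unsafe-eval'", "data:", "http:", "https:",
}

# A nonce- or hash-source in script-src makes CSP2+ browsers ignore 'unsafe-inline'.
NONCE_OR_HASH = re.compile(r"^'(nonce-|sha(256|384|512)-)", re.IGNORECASE)


def parse_csp(header_value):
    """Split a CSP header value into {directive_name: [source, ...]}.

    Per the spec, only the first occurrence of a directive is honoured;
    later duplicates are ignored.
    """
    policy = {}
    for raw_directive in header_value.split(";"):
        tokens = raw_directive.strip().split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name in policy:
            continue  # duplicate directive: first one wins
        policy[name] = tokens[1:]
    return policy


def fetch_directive(policy, name):
    """Return the sources for a fetch directive, falling back to default-src.

    Returns None when neither the directive nor default-src is set, which
    means the resource type is completely unrestricted.
    """
    if name in policy:
        return policy[name]
    return policy.get("default-src")


def check_csp(header_value):
    """Return a list of human-readable findings for a CSP header value.

    An empty list means none of the checked weaknesses were present.
    """
    policy = parse_csp(header_value)
    findings = []

    script_sources = fetch_directive(policy, "script-src")
    if script_sources is None:
        findings.append("script-src: missing (and no default-src), scripts may load from anywhere")
    else:
        has_nonce_or_hash = any(NONCE_OR_HASH.match(src) for src in script_sources)
        for src in script_sources:
            lowered = src.lower()
            if lowered == "'unsafe-inline'" and has_nonce_or_hash:
                # Ignored by nonce/hash-aware browsers, so not a weakness here.
                continue
            if lowered in UNRESTRICTED_SCRIPT_SOURCES:
                findings.append("script-src: %s allows arbitrary script" % src)
            elif lowered.startswith("*."):
                findings.append("script-src: wildcard host %s trusts every subdomain" % src)

    if fetch_directive(policy, "object-src") is None:
        findings.append("object-src: missing (and no default-src), plugin content is unrestricted")

    if "base-uri" not in policy:
        findings.append("base-uri: missing, a <base> tag can redirect relative script URLs")

    return findings


# Constructed sample header values (not taken from any real site).
SAMPLE_WEAK = (
    "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example.com; "
    "object-src 'none'"
)
SAMPLE_STRICT = (
    "script-src 'nonce-abc123' 'unsafe-inline' 'strict-dynamic'; "
    "object-src 'none'; base-uri 'none'"
)

if __name__ == "__main__":
    for label, header in (("weak", SAMPLE_WEAK), ("strict", SAMPLE_STRICT)):
        print(label)
        for finding in check_csp(header) or ["no findings"]:
            print("  -", finding)
```

The checker deliberately evaluates the effective policy (`script-src` falling back to `default-src`, duplicate directives discarded) rather than pattern-matching the raw string, because that is what the browser does; a scanner that reports `'unsafe-inline'` in a nonce-protected policy, or misses a wildcard inherited from `default-src`, produces noise in one direction and false negatives in the other.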