Collection of scanner checks missing in Burp.

This Burp extension implements some passive scanner checks that are missing in Burp Suite:

- DOM-based XSS
- Missing HTTP headers
  - Strict-Transport-Security
  - X-Content-Type-Options: nosniff
  - X-XSS-Protection
- Multiple occurrences of the checked headers
- Redirection from HTTP to HTTPS

Each check can be enabled separately in the extension's own tab, and a default configuration can be stored.
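
The header and redirect checks listed above, sketched as a stand-alone Python function over a raw response head. This is an added example, not the extension's code, and it does not use the Burp API; the function names, the finding strings and the decision to evaluate HSTS only on HTTPS responses are assumptions.

```python
# Added illustration, not the extension's code; all names are hypothetical.
CHECKED = ("strict-transport-security", "x-content-type-options", "x-xss-protection")
REDIRECTS = (301, 302, 303, 307, 308)

def parse_head(raw):
    """Return (status code, [(lower-cased name, value), ...]) for a raw response head."""
    lines = raw.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = []
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def passive_checks(url, raw_response):
    """Report missing, duplicated or mis-valued checked headers and HTTP-to-HTTPS redirects."""
    status, headers = parse_head(raw_response)
    https = url.lower().startswith("https://")
    findings = []
    for name in CHECKED:
        # Assumption: HSTS is only evaluated on HTTPS responses, because
        # browsers ignore the header when it arrives over plain HTTP.
        if name == "strict-transport-security" and not https:
            continue
        values = [v for n, v in headers if n == name]
        if not values:
            findings.append("missing: " + name)
        elif len(values) > 1:
            findings.append("multiple: " + name)
        if name == "x-content-type-options" and any(v.lower() != "nosniff" for v in values):
            findings.append("unexpected value: " + name)
    location = [v for n, v in headers if n == "location"]
    if not https and status in REDIRECTS and location:
        if location[0].lower().startswith("https://"):
            findings.append("redirect: http to https")
    return findings

# Constructed sample responses (not captured traffic).
DUPLICATE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             "X-Content-Type-Options: nosniff\r\nX-Content-Type-Options: nosniff\r\n\r\n")
REDIRECT = ("HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.test/\r\n"
            "X-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\n\r\n")

if __name__ == "__main__":
    print(passive_checks("https://example.test/", DUPLICATE))
    print(passive_checks("http://example.test/", REDIRECT))
```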