This burp extension implements some passive scanner checks which are missing in Burp suite:

• DOM-based XSS (REs are based on those from https://code.google.com/p/domxsswiki/wiki/FindingDOMXSS)

• Missing HTTP headers:

  • Strict-Transport-Security

  • X-Content-Type-Options: nosniff

  • X-XSS-Protection

• Multiple occurrences of the checked headers.

• Redirection from HTTP to HTTPS

All checks can be enabled separately in an own extension tab and a default config can be stored.

TODO

• See TODO markers in the code.

• Further possibilities to redirect from HTTP to HTTPS (meta refresh, links, referer checking)

• Active scanner check: Actively test directories for listings

• Active scanner check: Add parameters like debug, admin, test etc. and check if something interesting appears on the page.

• Active Scanner check: Reaction of the web application and server to requests with different/missing host headers.