This plugin provides:
- a readable view of CSP Headers in Response Tab
- passive scan rules to detect weak CSP configuration
- a CSP configuration generator based on the Burp crawler or using manual browsing
This project is packaged as a ZAP and Burp plugin.
Last updated : August 3th 2017
Passive rules and custom tab:
Configuration builder:
Type the following command:
./gradlew build
or if you have already Gradle installed on your machine:
gradle build
For more context around Content-Security-Policy and how to apply it to your website see our blog posts on the topic: