A Burp Suite extension for identifying missing Subresource Integrity attributes.

SolomonSklash/sri-check

SRI Check

A Burp Suite extension for identifying missing Subresource Integrity attributes.

  • Passive scanner checks create informational issues in Burp Suite
  • Only flags resources from third-party domains that do not include the integrity attribute
  • Written in Python
  • Requires Jython 2.7+
  • Pull requests welcome!

Todo

  • Add support for relative paths
  • Improve regex, especially accounting for the case of script and link tags and spaces in tags
  • Check MIME type of pages to prevent running against images, CSS, etc.
  • Fix possible concurrency issues
  • Account for possible false positives on tags
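The check described above, sketched as an added example that is not the extension's code: it uses Python 3's `html.parser` instead of a regex, so tag case, spacing inside tags, and relative or scheme-relative paths are handled. The names `SRIAudit` and `find_missing_sri`, the sample page, and the definition of "third party" as a differing hostname are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# <link> rel values on which the integrity attribute is meaningful
SRI_LINK_RELS = {"stylesheet", "preload", "modulepreload"}

class SRIAudit(HTMLParser):
    """Collect third-party script/link references that lack integrity."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.missing = []  # (tag, absolute URL) pairs

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag/attribute names and tolerates odd spacing
        attrs = dict(attrs)
        if tag == "script":
            ref = attrs.get("src")
        elif tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            ref = attrs.get("href") if rels & SRI_LINK_RELS else None
        else:
            return
        if not ref:
            return  # inline script, or a link type SRI does not cover
        # Resolve relative and //host references against the page URL
        absolute = urljoin(self.page_url, ref.strip())
        host = urlsplit(absolute).hostname
        # Assumption: "third party" means the hostname differs from the page's
        third_party = host is not None and host != self.page_host
        if third_party and not (attrs.get("integrity") or "").strip():
            self.missing.append((tag, absolute))

def find_missing_sri(page_url, html):
    audit = SRIAudit(page_url)
    audit.feed(html)
    audit.close()
    return audit.missing

# Constructed sample response body (not taken from the project)
PAGE_URL = "https://www.example.com/index.html"
SAMPLE_HTML = """<html><head>
<SCRIPT  SRC = "https://cdn.example.net/lib.js" ></SCRIPT>
<script src="https://cdn.example.net/ok.js" integrity="sha384-CONSTRUCTED"></script>
<link rel="stylesheet" href="//static.example.org/site.css">
<script src="/js/app.js"></script>
<link rel="canonical" href="https://other.example.com/page">
</head></html>"""
```

Run over the sample, `find_missing_sri(PAGE_URL, SAMPLE_HTML)` reports the uppercase script tag and the scheme-relative stylesheet, and skips the same-origin script, the tag that already carries `integrity`, and the canonical link.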

Screenshots

Example Issue
