Burp CSJ

This extension integrates Crawljax, Selenium and JUnit together. The intent of this extension is to aid web application security testing, increase web application crawling capability and speed-up complex test-cases execution.

Quick Start:

Install the BurpCSJ extension into Burp.
Choose the URL item from any Burp tab (e.g. target, proxy history, repeater).
Right click on the URL item.
Choose menu item "Send URL to Crawljax".
Crawljax will automatically start crawling the URL that you choose.

Minimum Requirements:

Java 1.7.
A modern browser installed (e.g. Firefox 34.x).
If you intend to use JUnit, then you would need JDK to compile classes and Selenium IDE to export JUnit test cases.
Enough memory when starting Burp if you also want to use BurpCSJ (recommended to use a 64bit env)

If you are planning to use Chrome, IE or PhantomJS browsers you would need the following drivers/executables:

Chrome driver: https://code.google.com/p/chromedriver/downloads/list
IE Driver: https://code.google.com/p/selenium/downloads/list
PhantomJS download: http://phantomjs.org/download.html

Tutorials:

For a simple tutorial: http://blog.malerisch.net/2013/09/burpcsj-tutorial-using-crawljax.html
Dealing with authentication: http://blog.malerisch.net/2014/08/burpcsj-dealing-with-authentication.html

Tested on:

Windows 7 with Java(TM) SE Runtime Environment (build 1.8.0_25-b18) and Burp Pro 1.6.09
OS X Mavericks with Java(TM) SE Runtime Environment (build 1.7.0_67-b01) and Burp Pro 1.6.05
Kali Linux with OpenJDK Runtime Environment (IcedTea 2.5.1) (7u71-2.5.3-2) and Burp Suite Free 1.6

Known Issues:

If you intend to use BurpCSJ when crawling over HTTPS, then it is recommended to use Firefox or Chrome browsers.
There are issues with Remote WebDriver and browsers such as PhantomJS or IE.
Also, there is an issue using the 64bit IE Driver (recommended to use the 32bit one instead).
When a crawling session is started and you need to interrupt for any reason, the browser driver might not close properly, so you might decide to kill it.

Author	Author Roberto Suggi Liverani
Version	Version 1.2
Rating	Rating
Popularity	Popularity
Last updated	Last updated 23 March 2015
Estimated system impact	Estimated system impact Overall impact: Low Memory Low CPU Low General Low Scanner Low

Author

Author

Roberto Suggi Liverani

Version

Version

1.2

Rating

Rating

Popularity

Popularity

Last updated

Last updated

23 March 2015

Estimated system impact

Estimated system impact

Overall impact: Low

Memory

Low

CPU

Low

General

Low

Scanner

Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

	You can view the source code for all BApp Store extensions on our GitHub page.
	Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore

Note:

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.