I originally created the "InsecureContentSecurityPolicy.bcheck" file back in October 2023 due to Burp Suite not possessing native CSP scanner rulesets outside of referencing "frame-ancestors" for Clickjacking attacks.
Yet as of March 1st, it appears that Burp Suite has added CSP rulesets to the native scanner, meaning this BCheck has now been made mostly arbitrary.
However, I would like to keep this BCheck publicly accessible so that anyone using 2023 versions of Burp can still retain these custom rulesets.
For example, my own company's AppSec team needs to go through a timely process when making version requests for native app tools.
We can't even download new Burp versions or plugins without manual installation.
Even beyond this particular CSP BCheck, this same scenario may emerge for other BChecks after future updates to the Burp Suite scanner.
I would hence like an "archived" directory to be set up which contains BChecks for any rulesets made arbitrary by additions/modifications to Burp's own built-in rulesets.
I have also added a small section in the readme.md file to reference this directory, but please feel free to change the wording if necessary.