Welcome to the CSPT Burp Suite extension, a tool that provides advanced capabilities and automation for finding and exploiting Client-Side Path Traversal.
This extension is a Burp Suite Passive Scanner. It reads your proxy history and looks for query parameters reflected inside the path of any other query. Please note that it will not find any DOM-based or stored CSPT until you use the canary token feature.
We appreciate your trust in this extension. Happy testing!
The CSPT user interface is equipped with two primary components: the CSPT Tab and the False Positive List.
This tab is the core of the extension.
If you have identified a CSPT, you will want to find exploitable sinks. The extension can help you to do it by right-clicking on a sink to "Send sinks(host/method) To Organizer".
Note: Now that Bambdas are implemented in Burp Proxy, this may be a more convenient way to find sinks.
To successfully install the CSPT extension, ensure you meet the following requirements:
Burp:
Java:
$ sudo apt install -y openjdk-17-jdk
$ java --version
openjdk 17.0.6 2023-01-17
$ git clone https://github.com/doyensec/CSPTBurpExtension
$ cd CSPTBurpExtension
$ ./gradlew build
Load the file build/CSPTBurpExtension.jar
into Burp as a Java extension.
The CSPT Burp Extension uses IntelliJ Forms for its UI. The .form
files contain the actual UI layouts, while the associated .java
files are partially auto-generated and the UI methods should not be modified directly, as all modifications are lost at compile time.
While developing, to make sure IntelliJ IDEA generates updated .java
files, set it as follows:
Settings
> Build, Execution, Deployment
> Build Tools
> Gradle
and set Buiild and run using:
to IntelliJ IDEA
Settings
> Editor
> GUI Designer
and set Generate GUI into:
to Java source code
After editing a form, if the Java file is not generated automatically, click on Build
> Recompile <file>.form
while in form editor.
CSPT Burp Extension thrives on community contributions. Whether you're a developer, researcher, designer, or bug hunter, your expertise is invaluable to us. We welcome bug reports, feedback, and pull requests. Your participation helps us continue to improve the extension, making it a stronger tool for the community.
Interactions are best carried out through the GitHub issue tracker, but you can also reach us on social media (@Doyensec). We look forward to hearing from you!
A special thanks to our contributors. Your dedication and commitment have been instrumental in making this extension what it is today.
Current:
This project was made with support of Doyensec.