Professional DAST

CKEditor Passive Scanner

CKEditor Passive Scanner detects CKEditor installations (v4.x and v5.x) in HTTP responses, extracts version information, and enumerates loaded plugins, all without sending any active requests to the target.

Features

  • Passively identifies CKEditor through response bodies, including JavaScript, CSS, HTML markers, and CKEDITOR.version references
  • Extracts exact version numbers for CKEditor 4 and identifies CKEditor 5 editor types such as Classic, Inline, Balloon, and Decoupled
  • Enumerates loaded plugins discovered in responses, including file uploaders and image processors
  • Calculates the most likely installation base path from observed traffic
  • Reports findings as Information severity issues visible in the Dashboard and Target → Site map
  • Operates entirely passively with no active payloads sent, respecting scope and scanner settings

Usage

  1. Proxy your target applications traffic and browse it normally.
  2. The extension automatically inspects HTTP responses as they pass through the proxy.
  3. Open the Dashboard or navigate to Target → Site map and look for Information severity issues labeled CKEditor Detected (CKEditor 4) or CKEditor Detected (CKEditor 5).
  4. Select an issue to view its details, which include the detected editor type and version, the signature that triggered detection, the calculated base path, and any discovered plugins.

Author

Author

Masoud Zivari (code5ecure)

Version

Version

3.0.0

Rating

Rating

Popularity

Popularity

Last updated

Last updated

16 July 2026

Estimated system impact

Estimated system impact

Overall impact: Empty

Memory
Empty
CPU
Empty
General
Empty
Scanner
Empty

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore

Note:

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.