This extension integrates Crawljax, Selenium and JUnit. Its intent is to aid web application security testing, increase web application crawling capability and speed up the execution of complex test cases.

Usage:
- Install the BurpCSJ extension into Burp.
- Choose the URL item from any Burp tab (e.g. target, proxy history, repeater).
- Right click on the URL item.
- Choose menu item "Send URL to Crawljax".
- Crawljax will automatically start crawling the URL that you chose.

Requirements:
- Java 1.7.
- A modern browser installed (e.g. Firefox 34.x).
- If you intend to use JUnit, you will need a JDK to compile classes and Selenium IDE to export JUnit test cases.
- Enough memory allocated when starting Burp if you also want to use BurpCSJ (a 64-bit environment is recommended).

If you are planning to use the Chrome, IE or PhantomJS browsers, you will need the following drivers/executables:
- Chrome driver: https://code.google.com/p/chromedriver/downloads/list
- IE Driver: https://code.google.com/p/selenium/downloads/list
- PhantomJS download: http://phantomjs.org/download.html

Tutorials:
- For a simple tutorial: http://blog.malerisch.net/2013/09/burpcsj-tutorial-using-crawljax.html
- Dealing with authentication: http://blog.malerisch.net/2014/08/burpcsj-dealing-with-authentication.html

Tested on:
- Windows 7 with Java(TM) SE Runtime Environment (build 1.8.0_25-b18) and Burp Pro 1.6.09
- OS X Mavericks with Java(TM) SE Runtime Environment (build 1.7.0_67-b01) and Burp Pro 1.6.05
- Kali Linux with OpenJDK Runtime Environment (IcedTea 2.5.1) (7u71-2.5.3-2) and Burp Suite Free 1.6

Notes:
- If you intend to use BurpCSJ when crawling over HTTPS, it is recommended to use the Firefox or Chrome browsers.
- There are issues with Remote WebDriver and browsers such as PhantomJS or IE.
- There is also an issue with the 64-bit IE Driver (the 32-bit one is recommended instead).
- If you need to interrupt a crawling session after it has started, the browser driver might not close properly, so you might have to kill it.

Author: Roberto Suggi Liverani
Last updated: 23 March 2015

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
You can view the source code for this BApp by visiting our GitHub page.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.