This extension integrates Crawljax, Selenium and JUnit together. The intent of this extension is to aid web application security testing, increase web application crawling capability and speed-up complex test-cases execution.
- Install the BurpCSJ extension into Burp.
- Choose the URL item from any Burp tab (e.g. target, proxy history, repeater).
- Right click on the URL item.
- Choose menu item "Send URL to Crawljax".
- Crawljax will automatically start crawling the URL that you choose.
- Java 1.7.
- A modern browser installed (e.g. Firefox 34.x).
- If you intend to use JUnit, then you would need JDK to compile classes and Selenium IDE to export JUnit test cases.
- Enough memory when starting Burp if you also want to use BurpCSJ (recommended to use a 64bit env)
If you are planning to use Chrome, IE or PhantomJS browsers you would need the following drivers/executables:
- Chrome driver: https://code.google.com/p/chromedriver/downloads/list
- IE Driver: https://code.google.com/p/selenium/downloads/list
- PhantomJS download: http://phantomjs.org/download.html
- For a simple tutorial: http://blog.malerisch.net/2013/09/burpcsj-tutorial-using-crawljax.html
- Dealing with authentication: http://blog.malerisch.net/2014/08/burpcsj-dealing-with-authentication.html
- Windows 7 with Java(TM) SE Runtime Environment (build 1.8.0_25-b18) and Burp Pro 1.6.09
- OS X Mavericks with Java(TM) SE Runtime Environment (build 1.7.0_67-b01) and Burp Pro 1.6.05
- Kali Linux with OpenJDK Runtime Environment (IcedTea 2.5.1) (7u71-2.5.3-2) and Burp Suite Free 1.6
- If you intend to use BurpCSJ when crawling over HTTPS, then it is recommended to use Firefox or Chrome browsers.
- There are issues with Remote WebDriver and browsers such as PhantomJS or IE.
- Also, there is an issue using the 64bit IE Driver (recommended to use the 32bit one instead).
- When a crawling session is started and you need to interrupt for any reason, the browser driver might not close properly, so you might decide to kill it.
|Author||Roberto Suggi Liverani|
|Last updated||23 March 2015|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.