


A Burp Plugin for Detecting Weaknesses in Content Security Policies


CSP Bypass

This is a Burp plugin that is designed to passively scan for CSP headers that contain known bypasses as well as other potential weaknesses.

Jython Setup

  1. Download the latest standalone Jython 2.7.x .jar file
  2. In Burp select and then the tab, under the Python Environment heading click Select File ... and browse to the Jython .jar file

CSP Bypass Plugin Setup

  1. Execute the script; you should see a file appear
  2. In Burp select and then the
  3. Click in the window that appears, then select from the Extension Type dropdown menu
  4. Click Select File ... next to Extension File and select the generated
  5. Click and you're done!

Report Bypasses in Common Domains

To add bypasses, simply edit with a domain and an example payload or description of the bypass. Be sure to use the full domain; the plugin will match wildcards (e.g. if a policy allows it will match against ). Submit a pull request to get your bypass in the main repository!
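As an added illustration of the kind of check the plugin performs (this is not the plugin's own code), the following Python evaluates a policy's effective script sources against a constructed table of known-bypass domains, treating a wildcard source such as `*.example.com` as covering its subdomains. The bypass table, domains and descriptions below are constructed placeholders, not real entries.

```python
# Added example, not the plugin's code. KNOWN_BYPASSES is a CONSTRUCTED
# sample mapping a full domain to a description of why allowing it is risky.
from __future__ import annotations

KNOWN_BYPASSES = {
    "cdn.example-jsonp.test": "JSONP endpoint that reflects a callback parameter",
    "ajax.example-libs.test": "hosts library builds that can execute attacker-supplied expressions",
}

def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [source, ...]}; directive names are lower-cased."""
    policy: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def host_of(source: str) -> str:
    """Strip scheme, port and path from a host-source, keeping any leading wildcard."""
    host = source.split("://", 1)[-1].split("/", 1)[0]
    return host.split(":", 1)[0].lower()

def source_allows(source: str, domain: str) -> bool:
    """True if a policy source covers `domain`; '*.x' covers subdomains of x, not x itself."""
    host = host_of(source)
    if host == "*":
        return True
    if host.startswith("*."):
        return domain.endswith(host[1:])
    return domain == host

def find_weaknesses(header: str) -> list[str]:
    """Report weaknesses in the effective script-src (falling back to default-src)."""
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return ["no script-src or default-src: scripts are unrestricted"]
    findings: list[str] = []
    quoted = {s.lower() for s in sources if s.startswith("'")}
    has_nonce_or_hash = any(q.startswith(("'nonce-", "'sha")) for q in quoted)
    if "'unsafe-inline'" in quoted and not has_nonce_or_hash:
        findings.append("'unsafe-inline' without nonce/hash allows inline script")
    if "'unsafe-eval'" in quoted:
        findings.append("'unsafe-eval' allows eval()")
    for src in sources:
        if src.startswith("'"):
            continue  # keyword sources are handled above
        for domain, why in KNOWN_BYPASSES.items():
            if source_allows(src, domain):
                findings.append(f"{src} allows {domain}: {why}")
    return findings
```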
