This burp extension implements some passive scanner checks which are missing in Burp suite: * DOM-based XSS (REs are based on those from https://code.google.com/p/domxsswiki/wiki/FindingDOMXSS) * Missing HTTP headers: * Strict-Transport-Security * X-Content-Type-Options: nosniff * X-XSS-Protection * Multiple occurrences of the checked headers. * Redirection from HTTP to HTTPS All checks can be enabled separately in an own extension tab and a default config can be stored. TODO ==== * See TODO markers in the code. * Further possibilities to redirect from HTTP to HTTPS (meta refresh, links, referer checking) * Active scanner check: Actively test directories for listings * Active scanner check: Add parameters like debug, admin, test etc. and check if something interesting appears on the page. * Active Scanner check: Reaction of the web application and server to requests with different/missing host headers.