As part of my research and talk titled "Augmented Reality in your web proxy" presented during the HackPra AllStars program / OWASP AppSec EU 2013 security conference in Hamburg, I decided to release a new Burp Pro extension which integrates Crawljax, Selenium and JUnit.
BurpCSJ extension in action:
I decided to take this approach to increase application spidering coverage (especially for Ajax web apps), speed up complex test-cases and take advantage of the Burp Extender API.
- BurpCSJ extension JAR - download (all dependencies included)
- BurpCSJ source code - github
- "Augmented Reality in your web proxy" - presentation (slideshare)
- Download BurpCSJ;
- Load BurpCSJ extension jar via the Extender tab;
- Choose the URL item from any Burp tab (e.g. target, proxy history, repeater);
- Right click on the URL item;
- Choose menu item "Send URL to Crawljax";
- Crawljax will automatically start crawling the URL that you choose.