Burp Suite User Forum

Login to post

Dominvader removes CSP even if the plugin is turned off

TightropeMonkey | Last updated: Feb 24, 2023 09:36AM UTC

Hi Portswigger Team, I have a weird behavior in Burp Suite Pro v2023.1.2 Build 18945. When I am using the integrated chromium the dominvader plugin removes the CSP even though dominvader itself and prototype pollution is turned off. Only the "Remove CSP Header" is on, but in my understanding this should be disabled automatically as soon as I disable prototype pollution or dominvader itself. Could you please have a look into this? Thanks and cheers, TightropeMonkey

Hannah, PortSwigger Agent | Last updated: Feb 27, 2023 09:45AM UTC

Hi TightropeMonkey Unfortunately, this is a bug in DOM Invader - we've linked this forum thread to our bug ticket so that we can notify you when this gets resolved. In the meantime, we recommend disabling the "CSP bypass" option in DOM Invader when you don't want this to be bypassed. Please let us know if you need any further assistance.

You need to Log in to post a reply. Or register here, for free.