██████╗ ███████╗██████╗ ██████╗ ███╗ ███╗
██╔══██╗██╔════╝██╔══██╗██╔═══██╗████╗ ████║
██████╔╝█████╗ ██║ ██║██║ ██║██╔████╔██║
██╔══██╗██╔══╝ ██║ ██║██║ ██║██║╚██╔╝██║
██║ ██║███████╗██████╔╝╚██████╔╝██║ ╚═╝ ██║
╚═╝ ╚═╝╚══════╝╚═════╝ ╚═════╝ ╚═╝ ╚═╝
A Burp Suite extension that brings full DOM rendering capabilities directly into Burp, enabling effective security testing of modern JavaScript-heavy applications built with frameworks like ReactJS, VueJS, Angular, and more.
- Captures fully-rendered DOM after JavaScript execution
- Analyzes Single Page Applications (SPAs) built with React, Vue.js, Angular, etc.
- Integrates as a custom response tab in Burp Repeater
- Auto-render option for automatic DOM capture
- Configurable Chrome connection and rendering parameters
Requirements:
- Burp Suite Professional/Community
- Chrome/Chromium browser
1. Build the extension:

   ```
   mvn clean package
   ```

2. Load `target/reDOM.jar` in Burp Suite (Extensions → Add)
3. Start a Chromium-based browser with remote debugging:

   ```
   chromium --proxy-server=localhost:8080 --remote-debugging-port=9222 --user-data-dir=/tmp/redom --ignore-certificate-errors
   ```

4. In Burp, go to the reDOM settings tab and click "Connect to Chrome"
5. The extension will spawn a minimized browser window for rendering
6. Send a request to Repeater and switch to the "DOM Render" tab
7. Click "Render in Browser" or enable "Auto render" for automatic rendering
Available settings:
- Chrome Host/Port: Connection details (default: localhost:9222)
- CDP Command Timeout: WebSocket command timeout in seconds (default: 30)
- Page Load Timeout: Maximum time to wait for page load (default: 30)
- Render Delay: Additional wait time after page load in ms (default: 1000)
- Auto Render: Automatically render when tab opens
- Minimized Window: Start the Chrome rendering window minimized
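
Before clicking "Connect to Chrome", it helps to confirm that the debugging endpoint set in Chrome Host/Port is up and reachable only over loopback, since anything that can reach that port can drive the browser. The preflight check below is an added example, not part of reDOM; it assumes Chrome's standard `/json/version` endpoint on the default `localhost:9222`, and the function names and sample response are constructed for illustration.

```python
"""Preflight check for the Chrome remote-debugging endpoint (added example)."""
import ipaddress
import json
import urllib.request
from urllib.parse import urlparse


def is_loopback(host: str) -> bool:
    """True if host is 'localhost' or a loopback IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # any other hostname is treated as non-local


def assess(host: str, version_info: dict) -> list:
    """Return a list of findings for a parsed /json/version response."""
    findings = []
    if not is_loopback(host):
        findings.append(f"debug host {host!r} is not loopback")
    parsed = urlparse(version_info.get("webSocketDebuggerUrl", ""))
    if parsed.scheme != "ws" or not parsed.path.startswith("/devtools/browser/"):
        findings.append("no browser-level webSocketDebuggerUrl in response")
    elif not is_loopback(parsed.hostname or ""):
        findings.append(f"WebSocket URL points at {parsed.hostname!r}")
    if "Browser" not in version_info:
        findings.append("response lacks a Browser field")
    return findings


def fetch_version(host="localhost", port=9222, timeout=5):
    """Query /json/version directly, ignoring any system proxy settings."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(f"http://{host}:{port}/json/version", timeout=timeout) as r:
        return json.load(r)


# Constructed sample of a /json/version reply (placeholder values).
SAMPLE = {
    "Browser": "Chrome/0.0.0.0",
    "Protocol-Version": "1.3",
    "webSocketDebuggerUrl": "ws://localhost:9222/devtools/browser/PLACEHOLDER-ID",
}

if __name__ == "__main__":
    for line in assess("localhost", fetch_version()) or ["endpoint looks usable"]:
        print(line)
```

An empty findings list means the endpoint answered and both the HTTP host and the advertised WebSocket URL are loopback addresses.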
MIT License
