Software Version Checks Extension for Burp Suite

This Burp Suite plugin passively detects server software version numbers, even during scanning, spidering, etc. It is written completely in Java and takes advantage of the Burp 1.5.x Extender API.

Often the server version is revealed only on error responses, which may not be visible during the normal course of testing. Some examples are:

  • "Apache Tomcat/6.0.24 - Error report"
  • "Server: Apache/2.2.4 (Unix) mod_perl/2.0.3 Perl/v5.8.8"
  • "X-AspNet-Version: 4.0.30319"

I'd be interested in any feedback, please tweet me: @codemagi

Download binary Source code is availabe on GitHub.

Burp Suite 1.5.x required for use.

 

Creative Commons License
Software Version Checks by August Detlefsen is licensed under a
Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.