BurpSuite Surface Explorer

Please ensure the following requirements are met:

  1. IMPORTANT: Use this application exclusively from Burp Suite's Browser.
  2. Configure Match and Replace rules in Burpsuite to evade some protections:
Type Match Replace Type
Response header X-Frame-Options X-Frame-Options-Disabled Literal
Response header Content-Security-Policy Content-Security-Policy-Disabled Literal
Response header Permissions-Policy: Permissions-Policy-Disabled: Literal
Response header ^Access\-Control\-Allow\-Origin.*$ Regex
Response header Access-Control-Allow-Origin: * Literal

Alternatively, download and import the BurpSuite Project file:


Recommendation: Run with the console inspector enabled.

Configuration