In a previous post we discussed the merits of using JavaScript source maps inside the browser to assist in debugging and web application penetration testing. Today we are delighted to announce the publication of a new Burp Suite App (BApp) called Source Mapper. This tool is free to all users of Burp Suite and can be downloaded directly from the BApp Store within Burp, or manually via GitHub.

It has become common place for JavaScript and CSS files to be “minified” in order to reduce the amount of data transfer required when a user visits a web application. This is particulalrly likely when the web application is a Single Page Application (SPA) or other heavy user of client-side code. Unfortunately, minification makes the code very difficult to debug. The process of minification removes all functionally-unnecessary whitespace and reduces variable and function names to as short a value as possible, often down to a single character.

The plugin is relatively simple, it injects a fragment of code into any JavaScript files it detects which causes the browser to request the script’s source map file. Once the browser requests the source map file, the plugin checks to see if one has been provided by the server. If it hasn’t been provided, the plugin checks to see if it has one locally and then injects it if it can!

Download the plugin now and get debugging!