Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Accessing Requests of Audit issue with No Response in Burp Suite Using an Extension

Muhammed | Last updated: Apr 16, 2024 12:08PM UTC

I have an issue detected by the issue handler in Burp Suite, where a time-based SQL Injection vulnerability is identified but there's no response in the issue details, only a request. How can I access this request using an extension? Is there a specific extension or API method in Burp Suite that can help me retrieve and analyze this request? I'm able to see request on the GUI but I need to access it with extension features or something like that. Here my handler. private class MyAuditIssueListenerHandler implements AuditIssueHandler { @Override public void handleNewAuditIssue(AuditIssue auditIssue) { if(auditIssue.httpService().host().equals("tempdomain")) { logging.logToOutput("New scan issue: " + auditIssue.name()); logging.logToOutput("New scan issue: " + auditIssue.baseUrl()); logging.logToOutput("New scan issue: " + auditIssue.httpService().); //logging.logToOutput("New scan issue: " + auditIssue.toString()); if (!auditIssue.requestResponses().isEmpty()) { if (auditIssue.requestResponses().get(0).request().hasHeader("X-Scan-ID")) { logging.logToOutput(auditIssue.requestResponses().get(0).request().header("X-Scan-ID").value()); audits.get(auditIssue.requestResponses().get(0).request().header("X-Scan-ID").value()). add(auditIssue); } } logging.logToOutput("*****************************************"); } } }

Hannah, PortSwigger Agent | Last updated: Apr 17, 2024 03:11PM UTC