Burp Suite User Forum

Create new post

Accessing Requests of Audit issue with No Response in Burp Suite Using an Extension

Muhammed | Last updated: Apr 16, 2024 12:08PM UTC

I have an issue detected by the issue handler in Burp Suite, where a time-based SQL Injection vulnerability is identified but there's no response in the issue details, only a request. How can I access this request using an extension? Is there a specific extension or API method in Burp Suite that can help me retrieve and analyze this request? I'm able to see request on the GUI but I need to access it with extension features or something like that. Here my handler. private class MyAuditIssueListenerHandler implements AuditIssueHandler { @Override public void handleNewAuditIssue(AuditIssue auditIssue) { if(auditIssue.httpService().host().equals("tempdomain")) { logging.logToOutput("New scan issue: " + auditIssue.name()); logging.logToOutput("New scan issue: " + auditIssue.baseUrl()); logging.logToOutput("New scan issue: " + auditIssue.httpService().); //logging.logToOutput("New scan issue: " + auditIssue.toString()); if (!auditIssue.requestResponses().isEmpty()) { if (auditIssue.requestResponses().get(0).request().hasHeader("X-Scan-ID")) { logging.logToOutput(auditIssue.requestResponses().get(0).request().header("X-Scan-ID").value()); audits.get(auditIssue.requestResponses().get(0).request().header("X-Scan-ID").value()). add(auditIssue); } } logging.logToOutput("*****************************************"); } } }

Hannah, PortSwigger Agent | Last updated: Apr 17, 2024 03:11PM UTC


An AuditIssueListener will look at new AuditIssues as they come in.

It sounds like you would probably be better off using registerContextMenuItemsProvider() with the ContextMenuItemsProvider.provideMenuItems(AuditIssueContextMenuEvent event) function.

This would allow you to retrieve details about an audit issue from a right-click on the issue in Burp.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.