Active Scan

j2c | Last updated: Aug 03, 2022 05:22PM UTC

Is there a way to configure active scanning to avoid tampering with specified parameters, such as viewstate or session cookies or other headers? I know this can be done with Intruder and am wondering if it can be configured in active scanning.

Ben, PortSwigger Agent | Last updated: Aug 04, 2022 04:32PM UTC

Hi,

The auditing configuration settings allow you to configure both the general insertion points that are used during an audit and also to ignore tests for certain parameters - the following screenshots illustrate these settings within the audit configuration:

https://snipboard.io/LER2nc.jpg

Do these settings allow you to tune Burp's behaviour in the manner in which you require?

