Burp Suite User Forum

Active Scan by Method

kerwin | Last updated: Nov 25, 2021 09:15PM UTC

Is there a way to run an active scan that doesn't make requests with specific methods, such as POST, PUT, PATCH, to avoid creating junk data on the target site?

Liam, PortSwigger Agent | Last updated: Nov 26, 2021 11:58AM UTC

This is possible using the Reshaper extension: https://portswigger.net/bappstore/7bcec7656b5746e9a85c427f243e6d5a

You will need to change the ‘From Tool’ to reflect the setting you want. Alternatively, you can import a JSON file under Reshaper > Settings > Import Data (adjusting the HTTP method as required). We used this in our testing:

{"rules":[{"whens":[{"@class":".WhenFromTool","negate":false,"useOrCondition":false,"tool":"Scanner"},{"@class":".WhenEventDirection","negate":false,"useOrCondition":false,"dataDirection":"Request"},{"@class":".WhenMatchesText","negate":false,"useOrCondition":false,"identifier":{"text":"","variables":[]},"sourceText":{"text":"","variables":[]},"matchText":{"text":"POST","variables":[]},"messageValue":"HttpRequestMethod","messageValueType":"Text","messageValuePath":{"text":"","variables":[]},"matchType":"Equals","useMessageValue":true}],"thens":[{"@class":".ThenDrop","dropMessage":true}],"enabled":true,"autoRun":true,"name":"test-drop-reqs-specific-method"}],"variables":[]}
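Added example, not part of the original reply or of Reshaper itself: the question names POST, PUT and PATCH while the sample rule covers only POST, so this Python script clones the rule from the reply once per method and writes a file for Reshaper > Settings > Import Data. The function names, rule names and output filename are assumptions, and `would_drop` is only a local model that assumes every "when" in a rule must match.

```python
import json

def _text(value=""):
    return {"text": value, "variables": []}

def drop_rule(method):
    """Rule from the forum reply, with only the method and rule name changed."""
    base = {"negate": False, "useOrCondition": False}
    return {
        "whens": [
            {"@class": ".WhenFromTool", **base, "tool": "Scanner"},
            {"@class": ".WhenEventDirection", **base, "dataDirection": "Request"},
            {"@class": ".WhenMatchesText", **base,
             "identifier": _text(), "sourceText": _text(),
             "matchText": _text(method),
             "messageValue": "HttpRequestMethod", "messageValueType": "Text",
             "messageValuePath": _text(), "matchType": "Equals",
             "useMessageValue": True},
        ],
        "thens": [{"@class": ".ThenDrop", "dropMessage": True}],
        "enabled": True, "autoRun": True,
        "name": f"drop-scanner-{method.lower()}",  # hypothetical rule name
    }

def build_export(methods):
    """One rule per distinct method, upper-cased because matchType is Equals."""
    seen = []
    for m in methods:
        m = m.strip().upper()
        if not m.isalpha():
            raise ValueError(f"not an HTTP method name: {m!r}")
        if m not in seen:
            seen.append(m)
    return {"rules": [drop_rule(m) for m in seen], "variables": []}

def would_drop(export, tool, method):
    """Local model only; assumes all 'whens' of an enabled rule must match."""
    for rule in export["rules"]:
        from_tool, _direction, match = rule["whens"]
        if (rule["enabled"] and from_tool["tool"] == tool
                and match["matchText"]["text"] == method):
            return True
    return False

if __name__ == "__main__":
    export = build_export(["POST", "PUT", "PATCH"])
    assert not would_drop(export, "Scanner", "GET")  # GET scans still run
    with open("reshaper-drop-methods.json", "w") as fh:  # hypothetical filename
        json.dump(export, fh, indent=2)
```

After importing, confirm in Burp's Logger that Scanner traffic for the listed methods no longer reaches the target before starting a full active scan.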
