Burp Suite User Forum


Active Scan configuration taken when scan request is inserted into the queue and not when the scan starts

Maurizio | Last updated: Apr 30, 2017 03:45PM UTC

Hi everybody, I did some tests and it seems that currently the active scan configuration is used to generate test cases when the scanner starts to execute the tests on a specific request. That means if you have a long queue and you change the scanner options in the meantime, these changes will impact the requests inserted in the future and also the ones already inserted into the queue and not yet started. Currently, to my understanding, it is not possible to insert 100 requests tested only for SQL injection and then another 100 requests for XSS, because changing the scanner configuration will also impact the previously inserted items and everything will be scanned for XSS only. I think that you have to save the configuration options when the item is inserted into the active scan queue; in this way the user is able to change the configuration if needed. I also checked the documentation and there is no information about this behavior. I suggest updating it or, better, disabling scan configuration changes if the queue is not empty. Maurizio

PortSwigger Agent | Last updated: May 02, 2017 08:05AM UTC

You are right that there is currently a single configuration for the scanner, and this is applied at the time that each item in the scan queue is scanned. We will consider this request to support different configurations for different items in the scan queue.

Burp User | Last updated: May 02, 2017 10:43AM UTC

We are planning to develop a plugin that needs this feature. Do you think that you will implement this feature in a short time or a long time? I'm asking because otherwise we will implement another scanning queue internal to the plugin. Thank you. Maurizio

PortSwigger Agent | Last updated: May 02, 2017 10:51AM UTC

This is not in our immediate roadmap, so it sounds like it is worth you developing the plugin.
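The two queue behaviours discussed in this thread, as an added illustration that is not part of the original posts and not Burp's own code: a small model of a scan queue that can either read the shared configuration when an item is scanned (the behaviour Maurizio observed) or freeze a snapshot of it when the item is enqueued (the behaviour he proposes and plans to build into his plugin). The `ScanConfig` fields and the request strings are constructed for the demonstration.

```python
from collections import deque
from dataclasses import dataclass
from typing import Deque, List, Tuple

@dataclass(frozen=True)
class ScanConfig:
    """Constructed subset of active-scan options; frozen so a stored
    reference cannot be mutated behind the queue's back."""
    sql_injection: bool = True
    xss: bool = True

    def enabled_checks(self) -> Tuple[str, ...]:
        return tuple(n for n in ("sql_injection", "xss") if getattr(self, n))

class ScanQueue:
    """Model of a scan queue. With snapshot_on_enqueue=False the config in
    force when the item is *scanned* is used (the thread's reported
    behaviour); with True the config is captured at *enqueue* time."""

    def __init__(self, config: ScanConfig, snapshot_on_enqueue: bool):
        self._current = config
        self._snapshot = snapshot_on_enqueue
        self._items: Deque[Tuple[str, ScanConfig]] = deque()

    def set_config(self, config: ScanConfig) -> None:
        self._current = config

    def enqueue(self, request: str) -> None:
        # Store the snapshot with the item; ignored later if not snapshotting.
        self._items.append((request, self._current))

    def run(self) -> List[Tuple[str, Tuple[str, ...]]]:
        results = []
        while self._items:
            request, stored = self._items.popleft()
            cfg = stored if self._snapshot else self._current
            results.append((request, cfg.enabled_checks()))
        return results

def simulate(snapshot_on_enqueue: bool) -> List[Tuple[str, Tuple[str, ...]]]:
    """Enqueue one request under an SQLi-only config, switch to XSS-only,
    enqueue another, then drain the queue."""
    q = ScanQueue(ScanConfig(sql_injection=True, xss=False), snapshot_on_enqueue)
    q.enqueue("GET /login?user=a")        # constructed request
    q.set_config(ScanConfig(sql_injection=False, xss=True))
    q.enqueue("GET /search?q=a")          # constructed request
    return q.run()

if __name__ == "__main__":
    print("scan-time config :", simulate(False))
    print("enqueue snapshot :", simulate(True))
```

Without snapshotting, both queued items end up scanned for XSS only, exactly the effect described in the first post; with snapshotting, each item keeps the checks that were selected when it was added.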
