The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum

Active scan creates thousands of records in my DB.

Giovanni | Last updated: Oct 11, 2024 06:36AM UTC

Hi. I have a problem when I run a test that has a record insertion function. When I launch the Active scan it creates thousands of real records in the DB. I think that Burp is a "simulator" of hackers and as such should not really alter the content of a DB, it must "simulate" the creation of a record but then it must delete it or in any case not commit! Is there a way to prevent this from happening? Thanks

Ben, PortSwigger Agent | Last updated: Oct 11, 2024 08:16AM UTC

Hi Giovanni,

Like any security testing software, Burp contains functionality that can damage target systems. Testing for security flaws inherently involves interacting with targets in non-standard ways that can cause problems in some vulnerable targets. You should take due care when using Burp, read all documentation before use, back up target systems before testing, and not use Burp against any systems for which you are not authorized by the system owner, or for which the risk of damage is not accepted by you and the system owner.

If you are running a scan against functionality within a site that allows for changes in the database to be made (a form that allows you to create users, for example) then Burp will test against that input. If you do not wish for this to happen then the likelihood is that you would need to exclude that area of the site from your automated testing.
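
One way to act on the exclusion advice above, as an added example that is not part of the thread and not PortSwigger's code: build a scope that leaves out the database-writing paths and check which URLs would still be scanned. The host `app.example.test`, the two paths, and the JSON key layout (modelled on Burp's exported project configuration) are assumptions; compare the output with an export from your own Burp installation before loading it.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample: paths on the target whose requests write to the database.
STATE_CHANGING_PATHS = ["/records/create", "/users/new"]


def build_scope(host, write_paths):
    """Return a scope dict that includes the host but excludes write endpoints.

    The key layout is an assumption modelled on Burp's exported project
    configuration; it is not taken from the forum thread.
    """
    host_re = "^" + re.escape(host) + "$"

    def rule(file_re):
        return {"enabled": True, "host": host_re,
                "protocol": "any", "file": file_re}

    return {"target": {"scope": {
        "advanced_mode": True,
        "include": [rule("^/.*")],
        # Anchor each path; allow only a trailing slash, sub-path or query string,
        # so /records/create is excluded but /records/created-by is not.
        "exclude": [rule("^" + re.escape(p) + "([/?].*)?$") for p in write_paths],
    }}}


def in_scope(scope, url):
    """Dry-run check of the intended rule semantics (not Burp's own matcher):
    a URL is scanned if it matches an include rule and no exclude rule."""
    parts = urlsplit(url)
    target = parts.path + ("?" + parts.query if parts.query else "")

    def hit(rules):
        return any(r["enabled"] and re.search(r["host"], parts.hostname or "")
                   and re.search(r["file"], target) for r in rules)

    s = scope["target"]["scope"]
    return hit(s["include"]) and not hit(s["exclude"])


if __name__ == "__main__":
    scope = build_scope("app.example.test", STATE_CHANGING_PATHS)
    print(json.dumps(scope, indent=4))
    for u in ["https://app.example.test/records/list",
              "https://app.example.test/records/create?name=x"]:
        print(u, "->", "scan" if in_scope(scope, u) else "skip")
```

Running the dry-run check over the site map before a scan shows whether any record-creating URL is still in scope.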
