Burp Suite User Forum


Add more personal data to grep for in responses

Dirk | Last updated: Jun 10, 2021 04:19PM UTC

Hi, IIRC Burp Suite looks for CC numbers and SSNs. How about IBANs as a general pattern? Also, maybe a configurable pattern (regex or simple) that can be saved and reused would be great. For example, I stumbled over an application which leaks data into the browser (not visible in the UI). It's personal data which shouldn't be permitted to be transferred to the client at this point.

Uthman, PortSwigger Agent | Last updated: Jun 11, 2021 07:21AM UTC

Hi Dirk,

To clarify, would you be interested in a new scan check to detect IBANs?

In terms of custom scan checks (with configurable regex patterns), you can use the 'Burp Bounty, Scan Check Builder' extension or create your own.

- https://portswigger.net/bappstore/618f0b2489564607825e93eeed8b9e0a
- https://portswigger.net/burp/extender
- https://github.com/PortSwigger/example-scanner-checks
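
Added example, not part of the thread and not PortSwigger's or Burp Bounty's code: the matching logic a custom passive check for IBANs in responses could use, pairing a candidate regex with the ISO 13616 mod-97 checksum so that random alphanumeric strings are not reported. It is plain Python rather than a Burp extension; the function names and the sample response body are constructed for illustration.

```python
import re

# Country code, two check digits, then the BBAN in optional space-separated
# groups of four (15-34 characters in total once spaces are removed).
CANDIDATE = re.compile(
    r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")


def mod97_ok(iban: str) -> bool:
    """ISO 13616 check: move the first four characters to the end, map A-Z to
    10-35, and the resulting integer must equal 1 modulo 97."""
    if not 15 <= len(iban) <= 34:
        return False
    rearranged = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1


def find_ibans(body: str) -> list[str]:
    """Return checksum-valid IBANs found in a response body, spaces removed."""
    found = []
    for m in CANDIDATE.finditer(body):
        groups = m.group(0).split(" ")
        # A printed IBAN followed by an uppercase word can over-match, so try
        # the longest candidate first and drop trailing groups until one validates.
        for end in range(len(groups), 0, -1):
            iban = "".join(groups[:end])
            if mod97_ok(iban):
                if iban not in found:
                    found.append(iban)
                break
    return found


def mask(iban: str) -> str:
    """Redact for reporting so the finding itself does not repeat the data."""
    return iban[:4] + "*" * (len(iban) - 8) + iban[-4:]


# Constructed response body: JSON fields the UI never renders carry IBANs.
SAMPLE_BODY = (
    '{"user":"jdoe","display":"J. Doe",'
    '"_debug":{"iban":"DE89370400440532013000","ref":"GB00WEST12345698765432"},'
    '"note":"Payout to ES91 2100 0418 4502 0005 1332 PAID"}'
)

if __name__ == "__main__":
    for iban in find_ibans(SAMPLE_BODY):
        print("possible IBAN in response:", mask(iban))
```

The `ref` value has the shape of an IBAN but fails the checksum, so it is not reported; the candidate regex alone would have flagged it.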
