The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Additional step for scanner options when launching active scanner.

Claudio | Last updated: Mar 06, 2015 10:59AM UTC

It would be awesome to have an additional step when launching an active scan, for configuring what are the parameters that we want to scan without having to mess with the general config. For example: Let's say that for this scan I only want to test MySQL SQL Injections in URL parameters or only want to test for XSS in Body Parameters.

PortSwigger Agent | Last updated: Mar 09, 2015 10:55AM UTC

Thanks for this request. We do plan to support per-item configuration in future, so you'll be able to configure specific insertion points or scan checks for specific items that are sent for scanning. We can't currently provide an ETA for this feature, sorry.

Burp User | Last updated: Mar 11, 2015 03:49PM UTC

Is this still planned?

PortSwigger Agent | Last updated: Mar 12, 2015 08:59AM UTC

Yes, our plans haven't changed in the last 3 days!

Burp User | Last updated: Mar 13, 2015 02:21PM UTC

Thanks for the feedback Dafydd.

Burp User | Last updated: Mar 30, 2015 03:29PM UTC

You may already know, OP, but you can do this on a per-request basis. Just send your request(s) to Intruder and mark which parameters you want to active scan, then right-click the request and select 'Actively scan your defined insertion points' from the context menu. Obviously this only handles one request at a time, which may be tedious, especially when you want to active scan an entire application, but I find it works really well to avoid useless/duplicate active scan requests, and allows me as a tester to use my own knowledge of the application to determine the best active scanning configuration.

Burp User | Last updated: Sep 14, 2015 11:48AM UTC