Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Bchecks - Passive checks not consistently applied to repeater issued requests + once per path

Victor | Last updated: Oct 15, 2024 11:19AM UTC

Hey there :) We spend a lot of time tinkering in the repeater tab. I saw that, after enabling a passive check, it will not necessarily trigger upon receiving the response from a repeater issued request. Example bcheck : ``` metadata: language: v2-beta name: "Basic reflection for img x" description: "Basic reflection for img x " tags: "passive", "informative" author: "test" given response then if {latest.response} matches "(<img src=x \/>)" then report issue: severity: info confidence: firm detail: "XSS - Reflection of <img src=x> " remediation: "Investigate" end if ``` Example portswigger lab : Reflected XSS into HTML context with nothing encoded : Issue the following request from the repeater : GET /?search=<img+src=x+/> HTTP/2 Host: xxx.web-security-academy.net Also, according to the documentation of passive checks : - https://portswigger.net/burp/documentation/scanner/bchecks/worked-examples/passive > This check enables Burp Scanner to identify responses that disclose an AWS Access Key ID. It is an example of a passive check (that is, a check that inspects traffic passing through Burp without sending any additional requests). > Specifically, the check examines each response for the regular expression AKIA[0-9A-Z]{16} However, it seems only applied once per path and not multiple times which should be the case if the check was actually performed at the last-response level and not per path right ? :)

Hannah, PortSwigger Agent | Last updated: Oct 17, 2024 11:00AM UTC