Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burp Infiltrator

Poonam | Last updated: Nov 22, 2016 07:18AM UTC

I have patched the burp infiltrator and a file named infiltrator.config is also present. But while scanning I am not getting the issues reported by infiltrator.

PortSwigger Agent | Last updated: Nov 22, 2016 10:47AM UTC

Please can you give some more details: 1. Which platform are you patching (Java or .NET)? 2. Did the Infiltrator installer output any errors during the patching process? 3. Are you able to run the Collaborator health check using Burp on both the scanning machine and the machine hosting the application? 4. Is the application definitely using some APIs related to issues like SQLi, command injection, file access, and did you cause the relevant code paths to execute during your scan?

Burp User | Last updated: Nov 22, 2016 10:55AM UTC

I am using the Webgoat application which was given in your article "Using Burp Infiltrator". The infiltrator installer did not give any error. Yes I am able to run the burp collaborator health check.

PortSwigger Agent | Last updated: Nov 22, 2016 11:05AM UTC

Ok, as you can see from the steps in our article, when the Infiltrator has been correctly installed in the WebGoat application, and a default Burp scan is run against the whole application, then some Infiltrator issues are reported in Burp. Please can you try again, ensuring that the whole of the WebGoat application is being patched, that you have default options for your Burp scan, and that you spider and then scan the entire WebGoat application?

Burp User | Last updated: Nov 23, 2016 12:25PM UTC

Is it mandatory to spider the application?

PortSwigger Agent | Last updated: Nov 23, 2016 01:37PM UTC