The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

Burp Live Scan Payload Modification

Wesley | Last updated: Nov 16, 2020 08:22PM UTC

I am running a live scan against a system and it comes back with OS Command Injection, and the payload used a sleep time of 20 seconds. I would like to increase the 20 seconds to around 1.5 minutes. I believe it comes back with OS Command Injection because of a network issue and I don't believe the OS Command Injection is a false positive. If there is any way to modify this sleep time, your help is greatly appreciated! Thanks in advance. Wesley

Ben, PortSwigger Agent | Last updated: Nov 17, 2020 11:00AM UTC

Hi Wesley,

This sounds like something that you could check manually in order to fine-tune both the parameters being used and confirm whether or not Burp has discovered a genuine issue. There are some details on how to manually test for OS command injections on the following page: https://portswigger.net/support/using-burp-to-test-for-os-command-injection-vulnerabilities

Wesley | Last updated: Nov 17, 2020 02:20PM UTC

Hi Ben,

This is not a manual test, this is a live scan. But I'm guessing from your response, there is no way to modify the payloads for a live scan.

Ben, PortSwigger Agent | Last updated: Nov 18, 2020 10:55AM UTC