Burp Suite User Forum

Burp Pro v2022.2: Are there scan configurations to prevent auditing the same features over and over again?

Michael | Last updated: Feb 25, 2022 06:57PM UTC

Is there something in the crawl/audit configuration that can avoid crawling/auditing the same features over and over again, so it doesn't take 10 days or a month to finish scanning?

We have features like a discussion page that have over a thousand discussion topic links, where it uses a parameter like discussion.aspx?topicId=199?page=10, discussion.aspx?topicId=200, discussion.aspx?topicId=201, etc. They all use the same template and configuration and just load different text depending on what the user submits.

We also have an admin page where there are links to tens of thousands of user account information pages like accountdetails.aspx?userID=10000, accountdetails.aspx?userID=10001, accountdetails.aspx?userID=99999, etc.

Liam, PortSwigger Agent | Last updated: Feb 28, 2022 10:23AM UTC

Michael, in theory, the default configuration should do that. The crawler is designed to find and ignore similar content. However, if that’s not happening, then moving to crawl strategy: fastest, and upping some numbers like unmatched link tolerance may help. You can find the unmatched link tolerance settings in the New Scan > Scan config > New > Crawling > Crawl optimization > Cog icon.

Michael | Last updated: Mar 01, 2022 12:52AM UTC

Thanks for the guidance. I was in that view but didn't really know what it was for when I came across it. That seems very useful for my case. I'll play around with the tolerance and possibly other configurations in there.

Liam, PortSwigger Agent | Last updated: Mar 01, 2022 08:31AM UTC

Thanks, do let us know if those settings are useful.