Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

[Burp Professional] I believe that scanner should report all issues.

KAISE | Last updated: Jul 30, 2021 01:22AM UTC

Hi there, I believe that scanner should report all issues. Scanner doesn't report previously found issues for now if same URL path and parameter name. Why does scanner not report that? However there should be the request are different response depends on the parameter value even if that request has same URL and parameter name. I will be glad if you add a new option like a ON/OFF switch for previously found issues report or not. Thanks, KAISE

Ben, PortSwigger Agent | Last updated: Jul 30, 2021 08:29AM UTC

Hi Kaise, If you scan the same site twice, using the same Burp project file, then Burp will not report on any vulnerabilities that have already been discovered as a result of the previous scan - this behaviour is by design. You should still be able to view the Site map (under Target -> Site map) of the host in question to see a list of all the issues discovered, as a result of all of your testing activities, for that particular site.

KAISE | Last updated: Aug 06, 2021 01:50AM UTC

Hi Ben, Thank you for replying. > You should still be able to view the Site map (under Target -> Site map) of the host in question to see a list of all the issues discovered, as a result of all of your testing activities, for that particular site. - I tried this but isn't listed all the issues discovered. As I remember that the previous old version of burp have been able to report all issues even if same URL and same parameter name (insertion point number). Thanks KAISE

Ben, PortSwigger Agent | Last updated: Aug 06, 2021 08:20AM UTC