The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


burp setting

afs | Last updated: Nov 02, 2019 04:10AM UTC

I use the Burp Professional version. When I click new scan task, it asks me to define crawling and auditing parameters. I use the default settings, but I can't find XSS and CSRF. Do any parameters need to be changed in the audit settings so we can discover CSRF and stored XSS?

Burp User | Last updated: Nov 02, 2019 04:10AM UTC

I use Burp 2.1

Mike, PortSwigger Agent | Last updated: Nov 04, 2019 10:11AM UTC

Hi, once the site has been crawled, the audit phase then scans and detects potential vulnerabilities. All issue types including CSRF & XSS (Stored) are enabled by default so it should work out of the box. Have you verified manually that those vulnerabilities are present in your target application?

Burp User | Last updated: Nov 05, 2019 12:59AM UTC

We manually verified 15 reflected XSS, 5 DOM-based XSS, 20 stored XSS and 26 CSRF issues for one website. Using the default auditing and crawling settings, Burp only detected 5 DOM-based XSS. Please advise which settings need to be added.

Mike, PortSwigger Agent | Last updated: Nov 06, 2019 08:41AM UTC