Burp community forum

Burp Suite Scanner - SSRF detection

Matt | Last updated: Aug 02, 2019 04:43PM UTC

Hi, with the recent Capital One breach, the SSRF vulnerability has been highlighted as a potential cause/method of the breach. My question is, does either the Burp Suite Pro or Enterprise version automatically detect SSRF while scanning? From what I can find in my research, it appears that you can only detect this with Burp Suite manually.

Liam, PortSwigger Agent | Last updated: Aug 05, 2019 07:51AM UTC

Yes, Burp scans for SSRF; the scan check is called Out-of-band resource load (HTTP): https://portswigger.net/kb/issues/00100a00_out-of-band-resource-load-http

Please let us know if you need any further assistance.
