Burp Suite User Forum

Burp Suite Enterprise: False Positive findings disappear from scan results

RoastedPeanut | Last updated: Jul 10, 2024 09:30AM UTC

Hi, I'm not sure if this is a bug or a feature, but I'm observing the following behaviour when using the Burp Suite Enterprise scanner:

When a scan finishes, the Issues section contains the vulnerabilities found by the scan. If the scan finds vulnerabilities I've previously marked as false positives using the "This issue and all existing issues with the same type..." option, these vulnerabilities will still appear in the results, but with a faded font and a "False positive" tag so they can be easily differentiated from the new vulnerabilities found.

If the newly found vulnerabilities are also false positives and I mark them as such, after I refresh the Issues page I can no longer see the list of false positives and I can only see a message saying there are no findings (which is not quite correct: there are findings, they're just all false positives).

So my questions are:

- Is this the expected behaviour from Burp Suite Enterprise's false positives/issues flow?
- Is there a way to change this? I find it useful to compare and contrast false positive findings from the previous scan(s) to help me decide how to tackle each new potential false positive found by the scanner. Is there an easy way to access these from the Burp Suite Enterprise interface, or is the list forever lost once you mark the final finding as a false positive?
- What is the reasoning behind the list of false positives disappearing after you mark all of them as false positives?
- What is the recommended flow when dealing with false positives in this context?

Any recommendations for flows that work would be much appreciated! Many thanks!

Thomas, PortSwigger Agent | Last updated: Jul 10, 2024 03:20PM UTC

Thank you for letting us know about this. It sounds like expected behavior based on the issues fading out. However, I am not sure I fully understand the situation from your description. Can you send an email to support@portswigger.net with supporting screenshots or a screen recording?

RoastedPeanut | Last updated: Jul 10, 2024 04:01PM UTC

Many thanks for your help, I've just emailed the support team.