Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Cannot scan over 20 sites

Chris | Last updated: Apr 25, 2020 07:25PM UTC

Consider this: 50 sites on Target->Sitemap. Select all the sites, right-click -> scan -> "open scan launcher". The "URLs to scan" is empty. In order to encounter that I go back to sitemap, select all the sites, "copy selected URLS", and go to URLs to scan and copy them there, but again this time all the hundreds of sub URLs are appeared. So most of the times the solution is to manually enter all the URLs manually or 20 by 20. This is not efficient. This bug appears only if I select more than 20 sites.

Hannah, PortSwigger Agent | Last updated: Apr 27, 2020 07:59AM UTC

Hi Could you tell me the version of Burp Suite Professional you are using? Has this behavior changed since previous versions, or has it always limited you to 20 URLs? When you enter them manually, are you able to input more than 20? Have you tried using the BApp "Subdomain extractor" to copy the URLs? Thank you.

Chris | Last updated: Apr 27, 2020 09:54AM UTC

Hi, v2020.2.1 this limitation probably introduced with the v2 of burp. Why don't you try yourself? It is very easy to test. yes what "Subdomain extractor" has to do with my problem?

Hannah, PortSwigger Agent | Last updated: Apr 27, 2020 10:07AM UTC

If you select the collapsed list of domains in your sitemap, and then use Subdomain Extractor on them, it will copy the list straight to your clipboard. It doesn't copy the hundreds of sub-URLs that you didn't want to have to filter through. If it doesn't quite work how you want it to, the code is publicly available on GitHub, so you could fork the repository and modify it further to fit your needs. https://github.com/PortSwigger/burp-subdomain

Chris | Last updated: Apr 27, 2020 10:50AM UTC

Why you insisting on a plugin? The problem is in the code of burp. It should be allow us to scan more than 20 sites with just rightclick->scan.

Hannah, PortSwigger Agent | Last updated: Apr 27, 2020 11:22AM UTC

I have been able to replicate your issue and will be investigating this further. In the meantime, the plugin is suggested as a workaround for your issue.

Chris | Last updated: Apr 27, 2020 04:24PM UTC

Thank you very much Hannah!

Hannah, PortSwigger Agent | Last updated: Apr 30, 2020 08:24AM UTC

Thank you for your patience. We have investigated this and put in a ticket to fix this inconsistency. Unfortunately, we cannot provide an ETA for when this will be put in place. Please let us know if you need any further assistance.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.