Burp Suite User Forum

Login to post

Carbonator scans not accurate

Alex | Last updated: Aug 02, 2019 04:34AM UTC

I just downloaded Carbonator extender through bapp and have use the command ./burpscan.sh http 80 /DVWA/vulnerabilities/ This launched burp UI and I checked that the scan does not detect SQL Injection, XSS or any other vulnerabilities. But when I use the manual way of proxy and sending it to active scanner it was able to detect those vulnerabilities. Is there any way in fixing this issue as I am trying to automate the scan through a shell script using carbonator.

Liam, PortSwigger Agent | Last updated: Aug 02, 2019 07:30AM UTC

Extensions are created by third party developers. Have you tried contacting the author? - https://github.com/portswigger/carbonator

Burp User | Last updated: Aug 05, 2019 04:32AM UTC

Yes I've contacted them but did not get back to me

You need to Log in to post a reply. Or register here, for free.