Burp Suite User Forum

Custom Extension for Whitelisting

Jamel | Last updated: Jan 29, 2020 11:22AM UTC

Burp Suite Pro v1.7.23

Is it possible to skip a certain link/URL for specific checks (e.g. CSRF, SQL Injection) during a scan, while keeping them ticked in Scanner Options? For better visualization, I'll provide a scenario: in my web app, I have an API that doesn't check for a CSRF token. After the scan, Burp flagged that API as vulnerable to a CSRF attack. After that, I thought of creating a custom extension that will whitelist that API for the CSRF token, but I have no idea if this is achievable. Thanks!

Hannah, PortSwigger Agent | Last updated: Jan 29, 2020 11:25AM UTC

Are you saying that these issues being reported are false positives? If so, have you tried right-clicking on the issue and marking it as a false positive? Would you be able to explain a bit more about what functionality you are trying to provide?
