Burp community forum

Deleting scanned items

Kunal | Last updated: Sep 14, 2015 06:06PM UTC

In older version of Burp Suite, 'Delete Scanned Items' used to exist. that was helpful in clearing the queue. With latest version, that option is not visible(only Hiding is available). As a result , I have to close and start Burp Suite for every scan to avoid displaying scanned items of last scan. Is there any alternative to this ? Thanks, Kunal

PortSwigger Agent | Last updated: Sep 15, 2015 10:47AM UTC

We removed the ability to completely delete scan queue items, and replaced it with the option to hide finished items. This is necessary to support some planned features in which Burp will retrospectively report issues for items that have already completed scanning (details to follow). To make this possible, we can't have users deleting old scan queue items.

Burp User | Last updated: Sep 15, 2015 02:51PM UTC

I guess I understand where you coming from as far as implementing this change to support tracking items and such. But, I often encounter a situation where a scan craps out due to errors, and it's nice to go back through and select a subset of items to rescan and then delete those - knowing they had been addressed. As it is right now, this process is incredibly cumbersome now that the delete issue has been removed. How about restoring it for items that failed? PLEASE :P

PortSwigger Agent | Last updated: Sep 15, 2015 03:30PM UTC

What about using the "cancel" action on failed scan items? These should be hidden by the new filter, so your view will be cleaner. Would that help?

Burp User | Last updated: Sep 15, 2015 07:09PM UTC

http://s12.postimg.org/spi4r3wvh/burp_Delete.png < look here - the abandoned issues disappear when you click 'hide finished items'. When you have 1 page out of 500 that is causing everything to go down and fail - the new way you guys have set up managing the scanner section doesn't really allow you to manage scanning sections/clearing them(Deleting them so you know you've verified those are good). Instead you have to sort through a list of thousands and thousands of entries and try to refind your place, scan a few more, then repeat the process. The old way allowed for this sort of neat-management. I'd really like to see it brought back In some form. Perhaps, if you guys want to maintain everything previously scanned, you can just give us the ability to 'Hide' a subset of items instead of 'whats finished' - That would solve my (and a lot of other folks I've spoken too about this) problem. Hope you guys can address this....

PortSwigger Agent | Last updated: Sep 16, 2015 08:09AM UTC

Thanks for the further detail. We completely appreciate that this is a valid use case / workflow that we need to accommodate. We just need to think about the best way of doing so. One option, as you describe, would be to have a "hide this item" option. But this would really require a second show/hide filter, so that you could unhide things again, and the interplay between the two filters would be messy. Another option would be to support user annotations in the scan queue, as we do for the Proxy history and site map. With this, you could set a comment or highlight color on selected items. As you work through the queue to scan several items at a time, you could then quickly highlight or comment the items you have retried. Do you think this would meet your needs?

Burp User | Last updated: Sep 18, 2015 03:47PM UTC

Yes, I believe so. I like where your going with this. Into your first sudgestion - perhaps a 'Manage Filters' tab could pop up with a secondary window which allowed you to add/remove/hide/color code/show filters. There is another great security tool I use that does this (IDA Pro) - and I can't begin to tell you how useful it is in day-to-day activities where you have large amounts of information. Anyways, thanks for replying. It sounds like you guys got things under control. Hope to see something in the coming releases. --Russell

PortSwigger Agent | Last updated: Sep 21, 2015 07:50AM UTC

Thanks for confirming. We'll take a look at providing annotations and some new filter options on the active scan queue. Unfortunately, I can't currently promise an ETA for this feature, sorry.

PortSwigger Agent | Last updated: Oct 06, 2015 03:09PM UTC

Just to let you know that in today's release we have added the ability to annotate the scan queue with comments and highlights. This should hopefully provide an (improved) alternative workflow for managing large scan queues, now that you cannot delete items from the scan queue.

Burp User | Last updated: Oct 07, 2015 03:22PM UTC

I just saw! Thanks so much for such a quick response!

PortSwigger Agent | Last updated: Oct 07, 2015 03:36PM UTC

Hi TJ, Thanks for your message. Instead of view issues in Scanner > Issuer activity, how about using Target > Site map. You can select the branch you're interested in and view issues just for that branch. You can select multiple issues and there are filter options too. Issue Activity is intended to be a log. If we allow people to delete from there is compromises the integrity of the log. As for deleting them manually, you can use Burp > Save copy of project then deselect the Scanner tool. This will retain the issues in the site map, but scan queue and issue activity will be empty. Please let us know if you need any further assistance.

Burp User | Last updated: Oct 13, 2017 04:22AM UTC

This does not solve my problem. I have "stuck" items that appear in my issue list that I need to delete. The solution of using highlighting does not solve the problem for me. At absolute minimum, there should be an automatic filtering of issues "in scope" but really the correct solution would be to simply delete things that will never, ever bear any relevance to me whatsoever, and have an option to filter out items out of the current scope. For example, there is an issue sitting in my list for Google's OSCP endpoint's having an incorrectly stated content type (created as an issue by a request automatically sent by a browser) - this means absolutely *nothing* to me given that I am performing a penetration test for "Company X" not Google's OSCP endpoint. Please fix this issue, it's incredibly frustrating. If you can't or won't fix this issue, please advise how I can manually delete this item from my file system or something so that I have some way to remove it even if it is a very tedious, time consuming method.

Burp User | Last updated: Dec 01, 2018 12:54PM UTC

I would require an option to remove items from "Issue activity". Also is there a way to view all requests done from the scanner?

PortSwigger Agent | Last updated: Dec 03, 2018 10:24AM UTC

Martin - You can view all the requests from Scanner using the Logger++ extension. There isn't currently a way to remove items from Issue Activity, although we may add that in future.

Burp User | Last updated: Jan 21, 2019 06:20AM UTC

Is there any option or functionality to remove issue activities from the Issue activity panel?

PortSwigger Agent | Last updated: Jan 21, 2019 10:17AM UTC

JK Ryan - No, unfortunately there isn't currently a way to do that.

You need to Log in to post a reply. Or register here, for free.