Burp Suite User Forum

Login to post

Different Bugs on Re-scanning same project/file

Khizra | Last updated: Jan 03, 2020 11:25AM UTC

Hi, I did a scan a saved its file/script. Now when i run the same script multiple times it shows different results on scanning the same script. It showed only informational issues one time and on running it second time it showed high severity issues (SQL Injection etc). Why is it not showing same results on re-scanning?

Hannah, PortSwigger Agent | Last updated: Jan 03, 2020 11:28AM UTC

Hi Are you performing a crawl and audit, or just an audit? Are you using the same configuration each time or is it changing? Are you scanning the same target each time?

Burp User | Last updated: Jan 03, 2020 12:47PM UTC

Hi Hannah Law, I did an active scan on the same target with same configuration every time. I dont see any Crawl and audit options here. Can you guide me where i can find these crawl and audit options?

Hannah, PortSwigger Agent | Last updated: Jan 03, 2020 01:57PM UTC

Hi Khizra. Could you tell me what version of Burp Suite you are using, and whether it is Community or Professional?

Burp User | Last updated: Jan 06, 2020 04:54AM UTC

Hi Hannah Law, I am using Burp Suite Professional v1.7.34. I am curious why does it show different bugs on re-scanning. How does the active scan work and why all those issues are not identified in the very first scan?

Hannah, PortSwigger Agent | Last updated: Jan 06, 2020 02:10PM UTC

Hi Khizra. Our most up to date version of Burp Suite is 2.1.07. There are a number of major changes that have been implemented since 1.7. You can download the most up to date version of Burp by going to our website portswigger.net and logging in with the account associated with your license. With regards to 1.7, are you using a live scan or a manual scan (https://support.portswigger.net/customer/portal/articles/1783127-using-burp-scanner)?

Burp User | Last updated: Jan 07, 2020 04:46AM UTC

Hi Hannah Law, I am using Active Scanning. Firstly i browse all the URLs and then add them to scope. After that i start active scan on the target scope. My Question here is that why is it showing new issues everytime. For example, if i scan a Url once, it shows informational issues on it but on re-scanning it shows very high severity issues on the same Url which was scanned previously and showed low issues? Why does it not identify all issues in one scan on same Url?

Burp User | Last updated: Jan 07, 2020 05:09AM UTC

One more thing, while active scanning, Spider is always paused.So this means i am not performing scanning along with spider.

Ben, PortSwigger Agent | Last updated: Jan 07, 2020 10:51AM UTC

Hi Khizra, Differences in scan results can occur for various reasons – changes in the application code, intermittent network failures, different application data/state causing different crawl paths or issues being observed. We can probably help you more if you identify specific issues that are changing. You might need to examine the details of the issues affected, to understand why the differences are arising. You could also try tuning Scanner engine. In general, using fewer threads increases determinism by reducing side-effects on the server side due to concurrent access/updates. You mentioned that you were reusing a script to carry out your scan, are you browsing the URLs each time that you scan or simply rerunning the active scan against an existing site map? As Hannah mentioned in her previous message, we would always recommend updating to the latest version of Burp Professional (which is currently at 2.1.07) in order to take advantage of the latest functionality and bug fixes available.

Michelle, PortSwigger Agent | Last updated: Jan 07, 2020 11:51AM UTC

Hi Khizra It would be good to know if you see the same using the latest version of Burp (2.1.07), would you be able to test that for us, please? As Ben mentioned there can be many reasons why two scans can pick up different issues, to help us understand your setup it might be useful to see some screenshots or a screen recording of the steps you are taking to run the scan and the results at each stage. If you would be happy to send these you can email them to support@portswigger.net.

Burp User | Last updated: Jan 08, 2020 07:01AM UTC

Hi Ben, I did active scan. First time it showed me all informational/Low issues. On re-scanning the same script, it identified SQL Injection issue. I again scanned the same script, it identified some more new high severity issues like python code injection, Ruby code injection, OS Command Injection. After facing all these issues, i scanned the script again and then again these issues were not there. At last i created a new script/Project by browsing URLs again, it identified high severity issues again.This is really confusing that it is showing different results every time. No i am not browsing the URLs each time, i am simply reusing the active scan against the existing site Map.

Burp User | Last updated: Jan 13, 2020 04:54AM UTC

Hi Michelle, I will try with latest version of burp and will let you know.

You need to Log in to post a reply. Or register here, for free.