Different results Automated Scan vs Manual Active Scan

Artur | Last updated: Jun 10, 2022 04:34PM UTC

I am pretty sure this is some misconfiguration issue but I would like to clarify this. When I do an Automated scan with "crawl fast" and "audit maximum" configurations I am not getting the same results as when I do "active scan" on a single request via intercept. So the question is: what is Active Scan's configuration and how do I configure the Automated scanner to use it? Here is the request being sent to Active Scan ... I'd imagine the Automated scan is capable of triggering the "Action buttons", or do I need to enable it somehow?

    POST /acXXX/SystemInfo.asp HTTP/1.1
    Host:
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 71
    Origin:
    Connection: close
    Referer:
    Cookie: toc-toggle=true; ASPNETSessionId=pw4bwho5mqnj; __RequestVerificationToken_L0FjdGl2YXRvcg2=Yo0eQ4-luF8NF0rk1T26LosO4dHrKjK-cZY8IoQTBAahYXBY01
    Upgrade-Insecure-Requests: 1

    Action=Update&description=testqa&contact=test+&name=test+&location=test

Ben, PortSwigger Agent | Last updated: Jun 13, 2022 09:25AM UTC

Hi Artur,

Burp will use its default scan configuration if no custom configurations are provided. If you simply initiate a crawl and audit and do not alter either the crawl or audit scan configuration settings then you will be using the defaults (this works the same when carrying out an Active Scan - if you do not specify any bespoke settings the default audit configuration will be used). You can take a look at the default settings by opening up the configurations via the 'Scan configuration' section of your scan.

In terms of your specific issue - when you mention that you have set the automated scan to 'crawl fast' are you referring to changing the 'Crawl strategy' setting under the 'Crawl Optimization' section? If so, what have you changed this to - 'Fastest' or 'Faster'?

By default, Burp should be 'clicking' buttons and submitting forms during the crawl phase of a scan in order to discover as much content as possible. If you look at the Logger tab for your crawl and audit, is Burp interacting with the base page but not then interacting with the action buttons or is it simply not encountering the base page at all?
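As an added diagnostic (not from this thread and not PortSwigger's code): a throwaway local target that serves a form with the same path, field names and "Update" button as the request in the question, and records the two things the reply asks Artur to check in Logger, whether the crawl reached the base page at all and whether it ever submitted the Update action. The path, the form markup and the hit counters are assumptions made for this harness.

```python
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs
from urllib.request import Request, urlopen
# Constructed page: same path, field names and "Update" button as the request in the question.
PAGE_PATH = "/acXXX/SystemInfo.asp"
FORM_HTML = (b"<html><body><form method='post' action='" + PAGE_PATH.encode() + b"'>"
             b"<input name='description'><input name='contact'><input name='name'><input name='location'>"
             b"<button type='submit' name='Action' value='Update'>Update</button></form></body></html>")

_lock = threading.Lock()  # the server runs on its own thread
_hits = {"base_page_hits": 0, "update_actions": 0}
class Handler(BaseHTTPRequestHandler):
    def log_message(self, *args):  # silence per-request console logging
        pass

    def do_GET(self):  # a crawler reaching the base page
        with _lock:
            _hits["base_page_hits"] += 1
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(FORM_HTML)

    def do_POST(self):  # a crawler, or a manual scan, pressing the Update button
        body = parse_qs(self.rfile.read(int(self.headers.get("Content-Length", 0))).decode())
        if body.get("Action") == ["Update"]:
            with _lock:
                _hits["update_actions"] += 1
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"OK")

def start_server(port=0):
    """Serve on 127.0.0.1 in a background thread (port 0 = any free port); returns (server, port)."""
    srv = HTTPServer(("127.0.0.1", port), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]

def probe(port, body=None):
    """One hand-made request, as when a single request is sent to Active Scan; POST if a body is given."""
    req = Request(f"http://127.0.0.1:{port}{PAGE_PATH}", data=body, method="POST" if body else "GET")
    with urlopen(req) as resp:
        return resp.status

def coverage_report():
    """The distinction the reply asks about: was the base page reached, and was Update ever triggered?"""
    with _lock:
        return dict(_hits, actions_triggered=_hits["update_actions"] > 0)
```

Call `start_server(8080)` from an interactive session, point a crawl and audit at the printed path, then compare `coverage_report()` with the counters after a manual Active Scan of the same request; a crawl that shows base page hits but zero update actions is not submitting the form.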

