Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Directory guessing extension for the Scanner

Amb123 | Last updated: Jan 16, 2015 11:30PM UTC

Is there any way to augment the scanner's capabilities to search through a list of directories that I specify? I know how to do this in intruder, but I want to be able to have this trigger automatically during a Burp Suite Scan. I looked at the 'insertion points' extension demo, but that just modifies a post parameter, whereas I want to modify the URL. Thanks in advance for your help!

PortSwigger Agent | Last updated: Jan 19, 2015 09:02AM UTC

Do you mean you want to brute force a list of common directory names to confirm which ones exist on the server? Note that you can do this with Burp's built-in content discovery function, but you could also do it easily enough with an extension. Since this is something you'll only want to do once for each directory that gets sent for scanning, you'll need to keep some state in your extension that records which folders have been tested (e.g. a simple Set<String> containing the URLs of folders that have been tested). Then, when a request is sent for scanning with a directory that hasn't been scanned, you can add it to the set and do whatever logic you want (send requests, identify hits, report issues or add to site map).

Burp User | Last updated: Feb 16, 2015 10:30AM UTC

I suggest to highlight Burp’s built-in content discovery function. Maybe in Spider tab ? And, yes, it should be a good idea to include "Custom file list" and "Custom directory list" in Filenames option.

PortSwigger Agent | Last updated: Feb 16, 2015 04:29PM UTC

You can use the makeHttpRequest() methods in IBurpExtenderCallbacks to issue HTTP requests of your own, and you can decide (based on HTTP status code, page title etc) whether the responses represent valid resources or not-found responses. Then you can report any discovered items as Scanner issues if you prefer, or alternatively call addToSiteMap to add the items to Burp's site map.

Burp User | Last updated: Feb 28, 2015 06:18PM UTC

Like Amb123 I would like to find a way to query new directory or new file from the Live active scanner each time a new file or directory is browsed. Is this possible to do it like you said in the previous comment and if so can you detail which classes to use? Thanks

Burp User | Last updated: Mar 05, 2015 05:35PM UTC

Thanks a lot, will try it out!

PortSwigger Agent | Last updated: Mar 09, 2015 10:39AM UTC

There isn't currently any way to use Burp's own Content Discovery feature via the API, sorry.

Burp User | Last updated: Jun 01, 2016 04:36AM UTC

Is there a way to invoke the Content Discovery function from a custom extension? I know the response from Dafydd Stuttard is one way of doing the content discovery using custom list of directories, but I dont want to reinvent the wheel and am a fan of the already existing feature of burp.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.