Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Enterprise Scan Configurations

Bell, | Last updated: Dec 01, 2021 05:05PM UTC

Please create an option to disabled downloads of scan configurations or to limit scan configurations to certain groups or roles. The downloaded configurations include cleartext passwords from the platform authentications section.

Maia, PortSwigger Agent | Last updated: Dec 02, 2021 10:35AM UTC

Hi, Whilst we don't have a permission to specifically disable the download, but we do have a permission for viewing scan configurations. When creating or editing a role this permission is located under Scans > Scan configurations. If you create and use a role with this permission disabled then you will no longer see the scan configurations tab, nor have the ability to view the scan configuration details. You will still be able to select a scan configuration when creating a site or scheduling a scan.

Bell, | Last updated: Dec 02, 2021 08:01PM UTC

Well i have groups of people that still need to see/create configurations and within those configs they use their own credentials. It would nice to just be able to disable the download of configurations/make it an admin only function.

Maia, PortSwigger Agent | Last updated: Dec 03, 2021 04:26PM UTC

Hi, I have added this as a feature request for you.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.