Burp Suite User Forum

Create new post

How do i use the active scanner to scan json and gwt requests?

Rui | Last updated: Sep 06, 2016 08:34PM UTC

I can do this by sending a request to the Intruder and then choosing 'Actively scan defined insertion points' for JSON (or by using the GWT insertion Points extension for GWT). How do I do this in bulk, as opposed to individually for each request though?

PortSwigger Agent | Last updated: Sep 07, 2016 08:48AM UTC

Burp Scanner understands JSON content, both in the entire message body and embedded within other data (for example, URL-encoded within a query string parameter). So you shouldn't need to do anything special to perform effective scanning of JSON content. Burp doesn't natively understand GWT, but there is an extension in the BApp Store that claims to automatically handle insertion points in GWT requests: https://portswigger.net/bappstore/ShowBappDetails.aspx?uuid=a0740678763a4c748bbe7c79151cbe00

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.