How does Active Scanner know the request body to post to an API endpoint?

Raeein | Last updated: Jun 17, 2022 02:15PM UTC

I ran Burp Suite's active scanner and in one of the requests it made to an API, the POST request body was filled automatically with the needed JSON data. How does Burp know what data it should post? I also used an extension for the CORS scanner and that one as well somehow was posting the correct request body without me specifying anything. I would appreciate it if you could help me. Thank you!

Hannah, PortSwigger Agent | Last updated: Jun 20, 2022 01:50PM UTC

Hi, are you referring to a "Crawl and audit" scan, or are you right-clicking and selecting "Do active scan", or are you "Auditing selected items"?

