The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

How does Active Scanner know the the request body to post to an api endpoint?

Raeein | Last updated: Jun 17, 2022 02:15PM UTC

I ran burp suite's active scanner and in one of the requests it made to an API, the post request body was filled automatically with the needed JSON data. How does burp know what data it should post? I also used an extension for the CORS scanner and that one as well somehow was posting the correct request body without me specifying anything. I would appreciate it if you could help me. Thank you!

Hannah, PortSwigger Agent | Last updated: Jun 20, 2022 01:50PM UTC