How does Burp Suite Enterprise choose when two configuration files conflict?

Andrew | Last updated: Nov 09, 2022 07:28AM UTC

Hi, Team:

We can upload more than two configuration files for a site in Burp Suite Enterprise (Settings > Configuration). But how does Burp Suite Enterprise choose when two configuration files conflict? The A configuration uses a private Collaborator Server, which is exported from Burp Suite Professional; the B configuration uses default configuration "Audit checks - medium active", which modified "Connections > Upstream Proxy Servers". For example, will Burp Suite Enterprise use the private Collaborator Server or the default Collaborator Server when scanning the site?

Thanks!

Alex, PortSwigger Agent | Last updated: Nov 09, 2022 07:50AM UTC

Hi Andrew,

Thanks for your post. When applying multiple scan configurations, they are applied in the order that they are "Stacked". This means that any options specified for a particular setting take precedence over equivalent settings for configurations higher in the list.

You can find more detail, along with an example here: https://portswigger.net/burp/documentation/enterprise/reference/scan-config-details#:~:text=Modular%20scan%20configurations

Best regards,

Andrew | Last updated: Nov 09, 2022 08:45AM UTC

Hi Alex,

Which Collaborator Server will Burp Suite Enterprise use when scanning with two configuration files, private Collaborator Server or default Collaborator Server? And what vulnerability types are detected in relation to the Collaborator Server? Like, the scanning effect will be better if there is a Collaborator server.

Thanks!

Alex, PortSwigger Agent | Last updated: Nov 09, 2022 10:19AM UTC

Hi Andrew,

If you add a private Collaborator Server config to a site in Burp Suite Enterprise, it will override the default regardless of where it lies in the config stack.

The Burp Collaborator documentation gives some examples of the issues that utilize external service interaction: https://portswigger.net/burp/documentation/collaborator

Additionally, if you follow this linked guide you can edit the individual issues view within Burp Suite Professional to edit the detection methods to Collaborator only and see which issues apply: https://portswigger.net/burp/documentation/desktop/scanning/audit-options#:~:text=g.%20%22logout.aspx%22).-,Issues%20reported,-These%20settings%20control

Best regards,

