Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

How to doActiveScan by use the specified IscannerCheck?

fa1ntStar | Last updated: Jul 19, 2022 01:51PM UTC

Hello I have write some active scan rules by implements IscannerCheck#doActiveScan. Sometimes I want to scan the items by use the specified IscannerCheck, but when I use callback.doActiveScan the all IscannerChecks will be called. How can I implements it?

Hannah, PortSwigger Agent | Last updated: Jul 19, 2022 02:42PM UTC

Hi When implementing IScannerCheck.doActiveScan(), this means that you have provided the Scanner with an additional check to perform. This is used when running a scan under "Scan configurations > Auditing > Issues reported > Extension-generated scan checks". IBurpExtenderCallbacks.doActiveScan() will trigger an active scan to be performed by the scanner - this will also include any additional Scanner checks registered by an extension, if these are present. There is no way to adjust your scan configuration from the Extender API, as this is a user-configurable option. You can find some examples of an extension that registers an additional scan check here: https://github.com/PortSwigger/example-scanner-checks

fa1ntStar | Last updated: Sep 27, 2022 02:48AM UTC

Thanks for your reply: I got it, here are what I want to do and some idea: I have develop some ScannerChecks: callbacks.registerScannerCheck(scannerCheck1); callbacks.registerScannerCheck(scannerCheck2); callbacks.registerScannerCheck(scannerCheck3); callbacks.registerScannerCheck(scannerCheck4); what I want to do is that: when I click a button or a menu,the scannerCheck1 and scannerCheck2 will be performed;the scannerCheck3 and scannerCheck4 will not be performed. But if I call callbacks.doActiveScan,scannerCheck1-4 will all be performed. I have a idea is that when I click a button, use the API before doActiveScan: callbacks.removeScannerCheck(scannerCheck3) callbacks.removeScannerCheck(scannerCheck4) callbacks.doActiveScan() what I want to kown is that: 1. If I use callbacks.removeScannerCheck(),whether the working scanner thread will be affected? For example, some requests I chose the "do active scan" in burpsuite and all scannerCheck are performing,then I click the button "my scan button" and call removeScannerCheck API, wheather other working Scanner threads will be affected(wheather the removed ScannerCheck will be performed in other working Scanner threads?) 2. do you hava some advices do this(make the specified scannerChecks(created by customer) to be perfomed rather than all customers scannerchecks) I'm not good at Englist, appreciate for your patience!

Hannah, PortSwigger Agent | Last updated: Sep 27, 2022 09:18AM UTC