Burp Suite User Forum


How to doActiveScan by using the specified IScannerCheck?

fa1ntStar | Last updated: Jul 19, 2022 01:51PM UTC

Hello, I have written some active scan rules by implementing IScannerCheck#doActiveScan. Sometimes I want to scan the items by using the specified IScannerCheck, but when I use callback.doActiveScan, all of the IScannerChecks will be called. How can I implement it?

Hannah, PortSwigger Agent | Last updated: Jul 19, 2022 02:42PM UTC

Hi,

When implementing IScannerCheck.doActiveScan(), this means that you have provided the Scanner with an additional check to perform. This is used when running a scan under "Scan configurations > Auditing > Issues reported > Extension-generated scan checks".

IBurpExtenderCallbacks.doActiveScan() will trigger an active scan to be performed by the scanner - this will also include any additional Scanner checks registered by an extension, if these are present.

There is no way to adjust your scan configuration from the Extender API, as this is a user-configurable option.

You can find some examples of an extension that registers an additional scan check here: https://github.com/PortSwigger/example-scanner-checks

fa1ntStar | Last updated: Sep 27, 2022 02:48AM UTC

Thanks for your reply. I got it. Here is what I want to do, and an idea.

I have developed some ScannerChecks:

    callbacks.registerScannerCheck(scannerCheck1);
    callbacks.registerScannerCheck(scannerCheck2);
    callbacks.registerScannerCheck(scannerCheck3);
    callbacks.registerScannerCheck(scannerCheck4);

What I want to do is this: when I click a button or a menu, scannerCheck1 and scannerCheck2 will be performed; scannerCheck3 and scannerCheck4 will not be performed. But if I call callbacks.doActiveScan, scannerCheck1-4 will all be performed.

My idea is that when I click a button, I use this API before doActiveScan:

    callbacks.removeScannerCheck(scannerCheck3);
    callbacks.removeScannerCheck(scannerCheck4);
    callbacks.doActiveScan();

What I want to know is:

1. If I use callbacks.removeScannerCheck(), will the working scanner threads be affected? For example, for some requests I chose "do active scan" in Burp Suite and all scannerChecks are being performed, then I click the button "my scan button" and call the removeScannerCheck API. Will other working Scanner threads be affected (will the removed ScannerCheck be performed in other working Scanner threads)?

2. Do you have some advice on how to do this (make the specified scannerChecks (created by the customer) be performed rather than all of the customer's scannerChecks)?

I'm not good at English, I appreciate your patience!

Hannah, PortSwigger Agent | Last updated: Sep 27, 2022 09:18AM UTC

Hi,

If you want just your scanner checks to be performed as a context menu item, it would probably be best to do this completely separate from an actual scan check.

When the context menu item is selected, then you would start a new thread that is performing your specific actions (for example, issue a request with a payload to the targeted endpoint) and then raise an IScanIssue based on the result of your actions. You would want to make use of IBurpExtenderCallbacks.addScanIssue() for this.
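
A sketch of the context-menu approach described in the reply above, added here as an example; it is not code from PortSwigger or from either poster. It assumes the legacy Extender API (`burp.*` interfaces on the classpath), and the check name, the `probe` parameter and the marker value are constructed for illustration. Only checks placed in the `checks` map get a menu entry, so nothing registered with `registerScannerCheck()` is touched and running scans are unaffected.

```java
package burp;
import java.util.*;
import java.util.function.Function;
import javax.swing.JMenuItem;
public class BurpExtender implements IBurpExtender, IContextMenuFactory {
    private IBurpExtenderCallbacks cb;
    // Only the checks listed here get a menu entry; name and check are hypothetical.
    private final Map<String, Function<IHttpRequestResponse, IScanIssue>> checks = new LinkedHashMap<>();
    @Override public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        cb = callbacks;
        checks.put("reflected marker check", this::reflectedMarker);
        callbacks.registerContextMenuFactory(this);
    }
    @Override public List<JMenuItem> createMenuItems(IContextMenuInvocation inv) {
        List<JMenuItem> items = new ArrayList<>();
        IHttpRequestResponse[] selected = inv.getSelectedMessages();
        if (selected == null) return items;
        checks.forEach((name, check) -> {
            JMenuItem item = new JMenuItem("Run " + name);
            item.addActionListener(e -> new Thread(() -> { // keep HTTP work off the Swing thread
                for (IHttpRequestResponse base : selected) {
                    IScanIssue issue = check.apply(base);
                    if (issue != null) cb.addScanIssue(issue);
                }
            }).start());
            items.add(item);
        });
        return items;
    }
    // Constructed sample check: add a marker parameter and report it if the response echoes it.
    private IScanIssue reflectedMarker(IHttpRequestResponse base) {
        IExtensionHelpers h = cb.getHelpers();
        byte[] req = h.addParameter(base.getRequest(), h.buildParameter("probe", "zqx7marker", IParameter.PARAM_URL));
        IHttpRequestResponse rr = cb.makeHttpRequest(base.getHttpService(), req);
        byte[] resp = rr.getResponse();
        if (resp == null || h.indexOf(resp, "zqx7marker".getBytes(), true, 0, resp.length) < 0) return null;
        return new IScanIssue() {
            public java.net.URL getUrl() { return h.analyzeRequest(rr).getUrl(); }
            public String getIssueName() { return "Marker parameter reflected (manual check)"; }
            public int getIssueType() { return 0; }
            public String getSeverity() { return "Information"; }
            public String getConfidence() { return "Tentative"; }
            public String getIssueDetail() { return "The value of the added 'probe' parameter appears in the response."; }
            public String getIssueBackground() { return null; }
            public String getRemediationBackground() { return null; }
            public String getRemediationDetail() { return null; }
            public IHttpRequestResponse[] getHttpMessages() { return new IHttpRequestResponse[] { rr }; }
            public IHttpService getHttpService() { return rr.getHttpService(); }
        };
    }
}
```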
