Burp Suite User Forum

Login to post

How to set active scanner insertion points

vino | Last updated: Aug 09, 2019 05:32PM UTC

I'm trying to set custom insertion points for the header,query param and body parameters. Currently I'm using active scan method by passing manually caluculated offsetlist. LegacyBurpExtender.getInstance().getCallbacks().doActiveScan(host,80, false, buildRequest,offSetList); Is there any method to registerinsertion point in the payload and submit active scan?

Rose, PortSwigger Agent | Last updated: Aug 12, 2019 10:06AM UTC

We have a bit of a backlog in terms of Extensions issues. Please accept our apologies, we'll get back to you as soon as we can.

Ben, PortSwigger Agent | Last updated: Aug 14, 2019 12:12PM UTC

Hi Vino, Apologies for the length of time it has taken for us to get back to you. Firstly, can you confirm the version of Burp Suite that you are trying to extend? In the latest version of the extension API, you can register an IScannerInsertionPointProvider which will automatically be invoked when Burp Scanner is auditing a request. Your implementation of IScannerInsertionPointProvider.getInsertionPoints() will determine what insertion points are generated for that specific request. The following link provides information regarding the latest extension API documentation: https://portswigger.net/burp/extender/api/ Please let us know if you need any further assistance.

You need to Log in to post a reply. Or register here, for free.