Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

How to set active scanner insertion points

vino | Last updated: Aug 09, 2019 05:32PM UTC

I'm trying to set custom insertion points for the header,query param and body parameters. Currently I'm using active scan method by passing manually caluculated offsetlist. LegacyBurpExtender.getInstance().getCallbacks().doActiveScan(host,80, false, buildRequest,offSetList); Is there any method to registerinsertion point in the payload and submit active scan?

Rose, PortSwigger Agent | Last updated: Aug 12, 2019 10:06AM UTC

We have a bit of a backlog in terms of Extensions issues. Please accept our apologies, we'll get back to you as soon as we can.

Ben, PortSwigger Agent | Last updated: Aug 14, 2019 12:12PM UTC

Hi Vino, Apologies for the length of time it has taken for us to get back to you. Firstly, can you confirm the version of Burp Suite that you are trying to extend? In the latest version of the extension API, you can register an IScannerInsertionPointProvider which will automatically be invoked when Burp Scanner is auditing a request. Your implementation of IScannerInsertionPointProvider.getInsertionPoints() will determine what insertion points are generated for that specific request. The following link provides information regarding the latest extension API documentation: https://portswigger.net/burp/extender/api/ Please let us know if you need any further assistance.

Ashish | Last updated: Jul 23, 2021 11:38AM UTC

Hi, I am trying to write an extension in Java, though I am new to Java. I want to initiate a scan through this extension which can be triggered by right clicking on Target Tree and selecting menu "Actively scan this host". For this I am implementing IScannerCheck interface along with IBurpExtender in my BurpExtender class. In the registerExtenderCallbacks method, I am registering scanner check by: callbacks.registerScannerCheck(this); I am implementing the method doActiveScan for it - public List<IScanIssue> doActiveScan( final IHttpRequestResponse iHttpRequestResponse, final IScannerInsertionPoint iScannerInsertionPoint) Please tell me what should I write in this method to initiate a generic active scan as mentioned above. You wrote above to implement IScannerInsertionPointProvider.getInsertionPoints(). How to implement this method and how to use it in doActiveScan method so as to complete my extension. Thanks Ashish Kulkarni

Uthman, PortSwigger Agent | Last updated: Jul 23, 2021 12:35PM UTC