Burp Suite User Forum


Identify False Positives for Scanner

Tony | Last updated: Jun 07, 2022 03:07PM UTC

While performing a scan, some issues that are identified are false positives, which I can manually identify as such. It would be helpful if I could also indicate to the Burp Scanner what specifically in the response indicates that the finding is a false positive, so that all future findings discovered by the scanner with the same response content can automatically be listed as false positives. For example, a scan I just performed identified a large number of URLs as vulnerable to XPath with "firm" confidence; however, all of the response pages identified as vulnerable have a JavaScript resource that includes a folder name of 'wgxpath'. The scanner identified 'xpath' in the folder name as indicating the vulnerability. If I could select the path in the response, I could indicate to the scanner that it is a false positive. The response included <script type='text/javascript' src='/lib/wgxpath/wgxpath.install.js'>. If I could highlight that text, or even just the path '/lib/wgxpath/wgxpath.install.js', the scanner could identify the vulnerability evidence inside that highlighted text and instead automatically mark it as a false positive.

Michelle, PortSwigger Agent | Last updated: Jun 09, 2022 10:05AM UTC

Thanks for the feedback. We're currently taking a look through this for you and having a chat with the developers; we'll be in touch soon.

Michelle, PortSwigger Agent | Last updated: Jun 10, 2022 01:32PM UTC

Thanks for your patience. We've been having a chat with the developers about your issue and it would be good to find out a few more details. Would you be happy to share the base response for any scan item(s) where this issue is being reported (redacted if necessary), and whether there are any redirects in the base response(s)? You can send these to us directly using support@portswigger.net.
