Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Ignore Insertion Points

Anthony | Last updated: May 17, 2021 02:12PM UTC

Many of the extensions that I use don't ignore parameters that I have specified in the scan settings, specifically "ignore insertion points". Is there an API that extensions can use to read that config setting and act appropriately?

Uthman, PortSwigger Agent | Last updated: May 18, 2021 10:24AM UTC

Hi Anthony, Can you provide an example of an extension doing this? Are the extensions registering an IScannerInsertionPointProvider? This is automatically invoked when Burp Scanner is auditing a request. IScannerInsertionPointProvider.getInsertionPoints() will determine what insertion points are generated for that specific request so you could add some logic to an existing extension to first retrieve the insertion points, and then remove/ignore the ones you are not interested in.

Anthony | Last updated: May 18, 2021 02:37PM UTC

Thanks for the response. I understand that getInsertionPoints will return a list of insertion points. In burp scanner, I often specify a list of parameters that I don't want to be scanned. For example, __viewstate form param or __utm* cookies. Does getInsertionPoints take into account the parameters that I do not want to scan?

Uthman, PortSwigger Agent | Last updated: May 20, 2021 09:31AM UTC