Burp Suite User Forum

Login to post

intrusive or not

Kan | Last updated: Nov 03, 2021 09:14AM UTC

Hi, How do I know if an extension I'm interested in, is intrusive or not. My goal for the time being is to run scan that will not harm the location/DB/code that I'm scanning

Hannah, PortSwigger Agent | Last updated: Nov 03, 2021 10:38AM UTC

Hi Extensions should be separating their scan checks into passive and active checks. Passive checks should not be making requests to the target application. If you're running a full scan, and want to disable active checks for extension-generated issues, you can go to "Scan configuration > Auditing > New > Issues reported > Select individual issues > Right-click on "Extension generated issues" > Edit detection methods" and disable Active checks. If you need to check the source code for any BApp Store extension, there are links to GitHub in the BApp description.

You need to Log in to post a reply. Or register here, for free.