Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

IScannerCheck -- Consolidate Duplicate issues method

Ajani | Last updated: Sep 14, 2015 03:14PM UTC

My question is about the consolidateDuplicateIssues Method. Currently I am writing an extension that passively scans for certain strings in requests. The problem is that there are multiple requests for each site, and the same string in each of the requests. This results in a great deal of duplicate issues, which is the exact problem that the method to , well, consolidate issues is supposed to correct. As far as I can see, consolidateDuplicateIssues is never called, Even using pdb, there is no call inside of that function. If i am reading the documentation correctly, i shouldn't need to call the method explicitly. It was my understanding that it would be called by the scanner anytime there was a similar URL issue reported.

PortSwigger Agent | Last updated: Sep 14, 2015 03:38PM UTC

Burp only attempts to consolidate issues that are reported at the same URL path. This can happen if the user scans the same request more than once. So if your extension reports lots of issues at different URLs, then Burp won't attempt to consolidate them, and so your consolidation method won't get called.

PortSwigger Agent | Last updated: Feb 19, 2016 09:43AM UTC

Hi Thomas, Thanks for your inquiry. We just coded a simple Python to verify this behavior, and consolidateDuplicateIssues() is called as expected. You can try this yourself: - https://gist.github.com/pajswigger/39cdad4bc9f90c4a98e0498b93320165 To be clear, it is only called when a particular IScanCheck is run on the same URL multiple times. If your extension registers two IScanChecks, they won't consolidate with each other. If you're still having difficulty, please can we see the source code to your extension.

Burp User | Last updated: Sep 15, 2017 06:57AM UTC

Hello, I developed an extension as well and face the same issue. The consolidate method is never called despite URL paths are exactly the same. If I keep do a passive scan on the very same request, which have an issue to report, a duplicate issue will be created and consolidateDuplicateIssues() won't be called. some details: The extension I write is in Python. I return a Python list or None (I tried with returning empty list as well). My Burp version is Pro 1.7.27. Thank you,

Burp User | Last updated: Mar 27, 2018 07:05AM UTC