The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


loadConfigFromJson() is not working as expected

Bhaskar | Last updated: Aug 05, 2021 04:26AM UTC

Hi Team,

I am trying to update the scanner configuration in my extender. It seems the scanner configurations are not getting updated. Initially I am reading the scanner config, and it is showing as null. Then I am updating it with my custom scanner configurations. After putting them into an object, I tried reading the scanner audit speed property, and it is giving the value as expected. But after loading the complete object using "loadConfigFromJson" and trying to read the same scanner property, it throws an error saying that the "scanner" config is not found at all. I tried saving the config to check, and it shows no scanner properties. It looks like "loadConfigFromJson" is not working as expected. Below is my source code. Could you please check?

Code:

    // requires: import org.json.JSONObject;
    public void updateScannerConfig() {
        // Read the current configuration and look for a top-level "scanner" section.
        String jsonConfig = callbacks.saveConfigAsJson();
        JSONObject obj = new JSONObject(jsonConfig);
        JSONObject current_scan_config = obj.optJSONObject("scanner");
        if (current_scan_config == null) {
            debug.println("scanner config not found");
        }

        // Custom scanner configuration to merge in.
        String string = "{\"scanner\":{\"audit_optimization\":{\"consolidate_passive_issues\":true,\"follow_redirections\":true,\"maintain_session\":true,\"scan_accuracy\":\"normal\",\"scan_speed\":\"fast\",\"skip_ineffective_checks\":true},\"error_handling\":{\"consecutive_audit_check_failures_to_skip_insertion_point\":12,\"consecutive_insertion_point_failures_to_fail_audit_item\":12,\"number_of_follow_up_passes\":1,\"pause_task_failed_audit_item_count\":10111,\"pause_task_failed_audit_item_percentage\":0},\"frequently_occurring_insertion_points\":{\"quick_scan_body_params\":true,\"quick_scan_cookies\":true,\"quick_scan_entire_body\":true,\"quick_scan_http_headers\":true,\"quick_scan_param_name\":true,\"quick_scan_url_params\":true,\"quick_scan_url_path_filename\":true,\"quick_scan_url_path_folders\":true},\"ignored_insertion_points\":{\"skip_all_tests_for_parameters\":[],\"skip_server_side_injection_for_parameters\":[{\"enabled\":true,\"expression\":\"aspsessionid.*\",\"item\":\"name\",\"match_type\":\"matches_regex\",\"parameter\":\"cookie\"},{\"enabled\":true,\"expression\":\"asp.net_sessionid\",\"item\":\"name\",\"match_type\":\"is\",\"parameter\":\"cookie\"},{\"enabled\":true,\"expression\":\"__eventtarget\",\"item\":\"name\",\"match_type\":\"is\",\"parameter\":\"body_parameter\"},{\"enabled\":true,\"expression\":\"__eventargument\",\"item\":\"name\",\"match_type\":\"is\",\"parameter\":\"body_parameter\"},{\"enabled\":true,\"expression\":\"__viewstate\",\"item\":\"name\",\"match_type\":\"is\",\"parameter\":\"body_parameter\"},{\"enabled\":true,\"expression\":\"__eventvalidation\",\"item\":\"name\",\"match_type\":\"is\",\"parameter\":\"body_parameter\"},{\"enabled\":true,\"expression\":\"jsessionid\",\"item\":\"name\",\"match_type\":\"is\",\"parameter\":\"any_parameter\"},{\"enabled\":true,\"expression\":\"cfid\",\"item\":\"name\",\"match_type\":\"is\",\"parameter\":\"cookie\"},{\"enabled\":true,\"expression\":\"cftoken\",\"item\":\"name\",\"match_type\":\"is\",\"parameter\":\"cookie\"},{\"enabled\":true,\"expression\":\"PHPSESSID\",\"item\":\"name\",\"match_type\":\"is\",\"parameter\":\"cookie\"},{\"enabled\":true,\"expression\":\"session_id\",\"item\":\"name\",\"match_type\":\"is\",\"parameter\":\"cookie\"}]},\"insertion_point_types\":{\"insert_body_params\":true,\"insert_cookies\":true,\"insert_entire_body\":true,\"insert_http_headers\":true,\"insert_param_name\":true,\"insert_url_params\":true,\"insert_url_path_filename\":true,\"insert_url_path_folders\":true},\"issues_reported\":{\"scan_type_intrusive_active\":true,\"scan_type_javascript_analysis\":true,\"scan_type_light_active\":true,\"scan_type_medium_active\":true,\"scan_type_passive\":true,\"select_individual_issues\":false,\"selected_issues\":[],\"store_issues_within_queue_items\":false},\"javascript_analysis\":{\"fetch_out_of_scope_resources\":true,\"max_dynamic_time_per_item\":30,\"max_static_time_per_item\":30,\"request_missing_dependencies\":true,\"use_dynamic_analysis\":true,\"use_static_analysis\":true},\"misc_insertion_point_options\":{\"max_insertion_points_per_base_request\":30,\"use_nested_insertion_points\":true},\"modifying_parameter_locations\":{\"body_to_cookie\":false,\"body_to_url\":false,\"cookie_to_body\":false,\"cookie_to_url\":false,\"url_to_body\":false,\"url_to_cookie\":false}}}";
        JSONObject new_scanner_config = new JSONObject(string);

        // Put the new "scanner" section into the in-memory object and confirm the value there.
        obj.put("scanner", new_scanner_config.getJSONObject("scanner"));
        debug.println(obj.getJSONObject("scanner").getJSONObject("audit_optimization").get("scan_speed"));

        // Load the merged object, then read the same property back from a fresh export.
        // getJSONObject("scanner") throws a JSONException if the export has no "scanner" section.
        callbacks.loadConfigFromJson(obj.toString());
        debug.println("updated config");
        debug.println((new JSONObject(callbacks.saveConfigAsJson())).getJSONObject("scanner").getJSONObject("audit_optimization").get("scan_speed"));
        //debug.println(callbacks.saveConfigAsJson());
    }

Thanks,
Bhaskar.

Hannah, PortSwigger Agent | Last updated: Aug 05, 2021 08:35AM UTC

Hi Bhaskar,

You can't adjust scan configurations using the Extender API.

IBurpExtenderCallbacks.loadConfigFromJson() is used to load project-level configurations in Burp. This is best described as the output available by going to the "Project" menu item, and then "Project options > Save project options". This method has the same actions as the "Load project options" menu item, which is available in the same place.

You may be able to use a different scan configuration by launching a scan with the REST API. However, this will perform a full crawl and audit.
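
An added example, not from the thread or from PortSwigger: a wrapper that refuses to call loadConfigFromJson() when the JSON contains a top-level section missing from the current saveConfigAsJson() export (the "scanner" key in the post above is one such case), and re-exports afterwards to confirm the values were applied. The class and method names are hypothetical, and org.json is assumed to be on the classpath, as in the original code.

```java
import burp.IBurpExtenderCallbacks;
import org.json.JSONArray;
import org.json.JSONObject;

// Added example; ConfigLoadGuard and its method names are hypothetical.
public final class ConfigLoadGuard {

    // True when every value in 'expected' is present with the same value in 'actual'.
    static boolean applied(Object expected, Object actual) {
        if (expected instanceof JSONObject && actual instanceof JSONObject) {
            JSONObject e = (JSONObject) expected;
            JSONObject a = (JSONObject) actual;
            for (String key : e.keySet()) {
                if (!applied(e.get(key), a.opt(key))) {
                    return false;
                }
            }
            return true;
        }
        if (expected instanceof JSONArray) {
            return ((JSONArray) expected).similar(actual);
        }
        return expected.equals(actual);
    }

    // Loads 'candidateJson' only if all its top-level sections already exist in the
    // project options export, then re-exports to confirm the values took effect.
    public static void loadChecked(IBurpExtenderCallbacks callbacks, String candidateJson) {
        JSONObject before = new JSONObject(callbacks.saveConfigAsJson());
        JSONObject candidate = new JSONObject(candidateJson);

        for (String section : candidate.keySet()) {
            if (!before.has(section)) {
                throw new IllegalArgumentException(
                        "\"" + section + "\" is not in the project options export; not loading");
            }
        }

        callbacks.loadConfigFromJson(candidateJson);

        JSONObject after = new JSONObject(callbacks.saveConfigAsJson());
        if (!applied(candidate, after)) {
            throw new IllegalStateException("loadConfigFromJson() did not apply every supplied value");
        }
    }
}
```

Calling loadChecked() with only the sections being changed keeps the comparison limited to the values the extension actually supplied.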

Bhaskar | Last updated: Aug 05, 2021 11:25AM UTC

Hi Hannah,

Thank you for your response. Can this functionality be added to Burp in future releases?

Thanks,
Bhaskar.

Hannah, PortSwigger Agent | Last updated: Aug 05, 2021 01:15PM UTC