Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Long scan that has multi parameters in body with hidden fields as a parameter.

HappyGilmore | Last updated: Mar 26, 2020 06:13PM UTC

Good Day Burp Suite and everyone. Here is what I am trying to do. I have single application to scan with many parameters in the body. If I have to pause the scan because of time allowed. Before I paused the scan, I see only have one more parameter that needs to be scan. When, I open the project back up and get everything ready to start scanning again. How do I just scan that last parameter in already pause scan. More detail information example If you have logger++ install and running You select the Params table You see Type Name Value Cookie XXX XXXX Body _XXX XXXX Body Time XXXX Body Custom xxxx Body Phone xxxx I need to scan just Phone not all the rest of them. Any help with this would be great.

Hannah, PortSwigger Agent | Last updated: Mar 27, 2020 08:41AM UTC

Have you tried sending the specific request to Intruder, changing the insertion points under the positions tab, and then right-clicking and selecting "Scan defined insertion points"? If you simply want to continue the scan from where you previously left off, have you unpaused the scan?

HappyGilmore | Last updated: Mar 27, 2020 12:16PM UTC

Good Day Hannah, I have done the intruder on many parts of the parameters. One thing is for sure, when I pause the scan and close the burp suite. Then I come back to it, starts at the top and works it way down for sure. That is why I was asking, about this. I have also try editing the scan configuration, Ignored insertion points. Skip all tests for these parameters add Body Parameter Name is _XXX then add the rest of parameter I am not needing to scan again. Did not work. Is there a way in intruded to scan insertion point the way same way burp does ??? Thank you again Hannah Any help is always welcome

Hannah, PortSwigger Agent | Last updated: Mar 27, 2020 12:38PM UTC

Are you wanting to crawl and audit an entire site (with your specific insertion point), or just audit a specific page?

HappyGilmore | Last updated: Mar 27, 2020 01:23PM UTC

Hey Hannah, After reviewing the headers information with more detail viewing. I discovered that I was not matching the exact parameters so that was the reason why what i was trying to do was not working. Very sorry about that. Hopefully my messing up with will help someone not do what I did. Question about Intruder scanning like burp for insertion points let me know on that one :)

Hannah, PortSwigger Agent | Last updated: Mar 30, 2020 09:06AM UTC

I'm glad you managed to resolve your issue. With regards to Intruder scanning like Burp for insertion points, you can right-click on your Intruder request and use the "Scan defined insertion points" option. That will then trigger Burp to audit that request using the insertion points that are shown in Intruder.

HappyGilmore | Last updated: Mar 30, 2020 07:37PM UTC