The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


make scanner skip insertion points in xml

Chandu | Last updated: Jun 29, 2023 08:22AM UTC

I'm performing an automated Burp scan on a SOAP API for a client that requires a username and password in every request. But if the creds are wrong for 3 consecutive requests, it will block the account. So I'm trying to skip the insertion points using the scanning config for XML tags, yet the scanner still inserts the payloads in the creds field of the XML. Not sure what I'm missing in the configuration. I tried Intruder insertion points, but it's not covering a whole lot.

Chandu | Last updated: Jun 29, 2023 08:33AM UTC

I'm using "Skip all tests" for the XML tag and XML attribute, but none of them are skipping the insertion points.

Chandu | Last updated: Jun 29, 2023 08:35AM UTC

<cred:Cred>
  <cred:Pass></cred:Pass>
  <cred:User></cred:User>
</cred:Cred>

Dominyque, PortSwigger Agent | Last updated: Jun 30, 2023 08:01AM UTC

Hi,

Was this the documentation you followed: https://portswigger.net/burp/documentation/scanner/scan-configurations/audit-options#:~:text=Ignored%20insertion%20points,checks%20for%20a%20given%20parameter?

Does the issue persist if you add the parameters to Ignored Insertion Points > Skip all tests for these parameters?

Chandu | Last updated: Jul 10, 2023 05:40AM UTC

Hi, yes, I did follow this blog to configure my scan, but it was of no use. The scanner keeps inserting payloads, not sure why. I disabled the extension to see if they are adding them, but that didn't solve it either.
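Added example, not part of the thread and not PortSwigger code: a check to run over request bodies saved from a trial scan, confirming the `User` and `Pass` elements were left untouched before pointing the scan at an account that locks after 3 consecutive failures. The envelope layout, the `urn:example:cred` namespace, the `GetItem` operation and all values are constructed assumptions; only the `Cred`/`User`/`Pass` names come from the snippet above.

```python
import xml.etree.ElementTree as ET

CRED_FIELDS = ("User", "Pass")   # element names from the <cred:Cred> snippet in the thread
LOCKOUT_THRESHOLD = 3            # per the thread: 3 consecutive bad logins block the account

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified names."""
    return tag.rsplit("}", 1)[-1]

def cred_values(body):
    """Return {field: text} found under any Cred element, or None if the XML is broken."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    return {local(c.tag): c.text or ""
            for el in root.iter() if local(el.tag) == "Cred"
            for c in el if local(c.tag) in CRED_FIELDS}

def audit(bodies, expected):
    """Return (indexes of requests whose creds differ, longest consecutive run of them).
    Unparsable bodies count as altered, which is the conservative reading."""
    tampered, run, longest = [], 0, 0
    for i, body in enumerate(bodies):
        if cred_values(body) == expected:
            run = 0
        else:
            tampered.append(i)
            run += 1
            longest = max(longest, run)
    return tampered, longest

def envelope(user, pw, item="42"):
    """Build a constructed SOAP request (hypothetical layout and namespace)."""
    return ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
            'xmlns:cred="urn:example:cred"><soapenv:Header><cred:Cred>'
            f'<cred:Pass>{pw}</cred:Pass><cred:User>{user}</cred:User>'
            '</cred:Cred></soapenv:Header><soapenv:Body>'
            f'<GetItem><Id>{item}</Id></GetItem></soapenv:Body></soapenv:Envelope>')

EXPECTED = {"User": "svc_user", "Pass": "S3cret"}          # constructed test credentials
SAMPLE = [envelope("svc_user", "S3cret"), envelope("svc_user", "S3cretq7x1"),
          envelope("svc_user", "S3cret", item="42q7x1"), envelope("svc_user9k2", "S3cret"),
          envelope("svc_user", "q7x1"), envelope("svc_user", "S3cret")[:120],
          envelope("svc_user", "S3cret")]                  # constructed scan traffic

if __name__ == "__main__":
    tampered, longest = audit(SAMPLE, EXPECTED)
    print("altered credential requests:", tampered, "longest run:", longest,
          "LOCKOUT RISK" if longest >= LOCKOUT_THRESHOLD else "ok")
```

An empty list from `audit` on a trial run against a throwaway account indicates the ignored-insertion-point settings are taking effect for the credential elements.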

Dominyque, PortSwigger Agent | Last updated: Jul 10, 2023 10:05AM UTC