Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Passive scan sends requests

Andrea | Last updated: Apr 06, 2022 10:58AM UTC

I'm using Burp Suite Professional v2022.2.4 (issue identified both in Linux and Windows installer version). When I right click on a Target in the Site map and use the option "Passively scan this host" multiple requests are sent to the target. I don't have any extensions activated. (The issue can be reproduced with a publicly available website like google.com) Furthermore I tried configuring my own passive scan with the scan launcher with the option "Audit selected items" and my own Scan configuration. I disabled all issues in the Issues Reported tab except the issue "Extension generated issue" and removed the selection for "Make requests for missing site resources" in the JavaScript Analysis tab. This scan should do absolutely nothing per its definition, since there are no installed extensions in my burp. Why are there still requests generated?

Michelle, PortSwigger Agent | Last updated: Apr 06, 2022 03:14PM UTC

Thanks for your message. When you go to the Site Map, before choosing to "Passively scan this host" if you review the requests listed in the Site Map, are there any that don't have a response within the site map? If so do these match the requests that you then see being sent when you choose the option to "Passively scan this host"? Similarly, when you chose "Audit Selected items" did you only select items from the site map that had responses?

Andrea | Last updated: Apr 07, 2022 07:10AM UTC

I'm using the filters "Show only requested items" and "Hide empty folders" in the Site map before choosing to "Passively scan this host" and there are still requests sent. Using the google example. There is a request for https://www.google.com/async/bgasy?ei=<LongRandomID>&yv=3&async=_fmt:jspb in my proxy history. After passively scanning the host I have a request for the URL https://www.google.com/async/bgasy without parameters in my logger. Is this expected behaviour?

Michelle, PortSwigger Agent | Last updated: Apr 07, 2022 10:43AM UTC

Thanks for the update. When this request was shown in the Logger tab, which tool was listed against it, Proxy or Scanner? Did you also see this request in the Logger tab for the specific passive scan task on Burp's Dashboard?

Andrea | Last updated: Apr 11, 2022 06:49AM UTC

In the Logger tab the tool is shown as Scanner. And in the specific passive scan task in the Dashboard the Logger tab shows the same requests I see in the generic/overall Logger tab.

Michelle, PortSwigger Agent | Last updated: Apr 11, 2022 08:06AM UTC

Thanks for the update. So we can look into this further for you, can you send us a screen recording or some screenshots showing the steps you're taking to set up the scan and also show us the results of the scan to support@portswigger.net, please?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.