Burp Suite User Forum

Reduced parameters to be checked in Scanner

Ander | Last updated: Dec 19, 2016 01:25PM UTC

I'm trying to write an extension of BURP to reduce the number of checks to be done while performing an Active/Passive scan. Our tool already provides integrity validation for links and non-editable data, so my idea was to create an extension so that the number of checks performed by BURP is reduced not to include those. I'm reviewing the API for extension but I cannot figure out if this is even possible. Could you help me on that? Thanks in advance.

PortSwigger Agent | Last updated: Dec 19, 2016 01:45PM UTC

You can configure which scan checks are enabled (or indeed any other project level setting) via the API: https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallbacks.html#loadConfigFromJson(java.lang.String). Just create the config you want in the UI, save the config for the relevant panel(s) as JSON, and load the config as a string via the above API.
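The procedure the agent describes, as an added example that is not part of the thread or of PortSwigger's code: a minimal Burp extension that reads a scanner configuration previously exported from the UI and applies it with `loadConfigFromJson` when the extension loads. The file path (`CONFIG_PATH`, overridable via the `hdiv.scanconfig` system property) is an assumed placeholder, not something from the thread.

```java
package burp;

import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;

public class BurpExtender implements IBurpExtender {

    // Assumption: path to a scanner configuration exported from the Burp UI
    // (Scanner options panel -> save as JSON). Placeholder, adjust to taste.
    private static final String CONFIG_PATH = System.getProperty(
            "hdiv.scanconfig", "/path/to/exported-scanner-config.json");

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        callbacks.setExtensionName("Reduced scanner checks loader");
        PrintWriter out = new PrintWriter(callbacks.getStdout(), true);
        PrintWriter err = new PrintWriter(callbacks.getStderr(), true);

        try {
            // The exported JSON is passed verbatim as a string; settings that are
            // absent from the file are left at their current project values.
            String json = new String(
                    Files.readAllBytes(Paths.get(CONFIG_PATH)), StandardCharsets.UTF_8);
            callbacks.loadConfigFromJson(json);
            out.println("Loaded scanner configuration from " + CONFIG_PATH);
        } catch (IOException e) {
            err.println("Could not read config file " + CONFIG_PATH + ": " + e.getMessage());
        } catch (RuntimeException e) {
            // Burp reports malformed or unrecognised config keys at load time.
            err.println("Burp rejected the configuration: " + e.getMessage());
        }
    }
}
```

Reloading the extension re-applies the file, so the exported JSON can be edited and tested without restarting Burp.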

Burp User | Last updated: Dec 19, 2016 05:02PM UTC

Thanks for the response, it looks like a good starting point. After reviewing the scanner configuration I have some additional questions: a) Parameter Name: I guess this option means including a random new parameter, right? b) URL path filename: I don't completely understand the purpose of this insertion point; is it changing the request path directly? If I'm right about their meaning, I think that both of them should be disabled while testing Hdiv-protected websites. But now comes the complicated part: our framework protects parameters inside links and data that is not editable (selects, radios..). 1) My first thought was to disable "URL Parameter values", but those parameters could be received in the case of links but also in GET forms; is there any way to distinguish between them? 2) For each particular form there will be editable and non-editable parameters; is there any way to handle that? I could have used "Skip all tests for these parameters", but I would need the URL in the configuration. Is there anything to help me on that?

PortSwigger Agent | Last updated: Dec 19, 2016 05:05PM UTC

To understand the meaning of individual configs in the JSON, we suggest you look first at the Burp UI, and read the relevant documentation for each panel, as necessary. The config names within the JSON are closely mapped to the UI captions, so should be clear enough after understanding the UI options. Normally, you want to scan every parameter and possible insertion point, even if you suspect that the platform "protects" some of them. It's common for unexpected issues to exist within parameters like these.