The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Reporting only on POST not GET methods? (Scanner)

Joel | Last updated: Feb 17, 2016 05:05PM UTC

Hi, After running a passive scanner session I have hundreds and hundreds of potential CSRF 'missing anti-CSRF token' (so far in reality they are all false positives and the anti-CSRF token is just contained with some other data e.g. uifsid=0&_csrf= (the _csrf is the anti-CSRF token)). Anyhow, what I really would like to be able to do is report only on POST methods and not GET methods. Is this possible via an HTML report? Some other method? Something to put on the roadmap for reporting? Thanks and best wishes, Joel

PortSwigger Agent | Last updated: Feb 19, 2016 08:46AM UTC