Burp Suite User Forum


Reporting only on POST not GET methods? (Scanner)

Joel | Last updated: Feb 17, 2016 05:05PM UTC

Hi,

After running a passive scanner session I have hundreds and hundreds of potential CSRF 'missing anti-CSRF token' issues (so far, in reality, they are all false positives and the anti-CSRF token is just contained with some other data, e.g. uifsid=0&_csrf= (the _csrf is the anti-CSRF token)).

Anyhow, what I really would like to be able to do is report only on POST methods and not GET methods. Is this possible via an HTML report? Some other method? Something to put on the roadmap for reporting?

Thanks and best wishes,
Joel

PortSwigger Agent | Last updated: Feb 19, 2016 08:46AM UTC

Thanks for this. You can't currently filter reporting based on the request method, but we'll think about how best to deal with this requirement.
