Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Reuse the URLs captured using intercept on one host to run active scan on other host

ramya | Last updated: Sep 21, 2018 09:49AM UTC

Hi, I need to run active scans against a set of URLs on multiple hosts (of same application with minor application version differences, however, these URLs under test do not differ.) Is there a way that I can reuse the URLs that I captured on one host to run active scans on other hosts by changing the host name in URL and the Host in the base request that is intercepted? Is what is the way to achieve this? (There is still not any automation built which would have solved the issue of running through the URLs and capturing them in various versions of application that I want to scan)

PortSwigger Agent | Last updated: Sep 21, 2018 09:51AM UTC

This extension may help you: https://github.com/pajswigger/copy-sitemap It allows you to copy a branch of your site map to a new prefix. You can then run an active scan on the new branch.

Burp User | Last updated: Sep 21, 2018 11:11AM UTC

ok got it. Thanks a lot for the response. I was able to change the Host using copy branch now. But then the referer in the Requests is still the old host. Any suggestion on how to change this across the URLs in sitemap please?

PortSwigger Agent | Last updated: Sep 24, 2018 10:02AM UTC

I have pushed an update to copy-sitemap so it now also rewrites the referer header. Please let me know how you get on with this.

Burp User | Last updated: Sep 26, 2018 12:36PM UTC

Thanks Paul. It worked perfect! I just had to copy the branch and create a session for the new branch in sitemap and run the scan. Thanks a bunch for your help!

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.