Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Reuse the URLs captured using intercept on one host to run active scan on other host

ramya | Last updated: Sep 21, 2018 09:49AM UTC

Hi, I need to run active scans against a set of URLs on multiple hosts (of same application with minor application version differences, however, these URLs under test do not differ.) Is there a way that I can reuse the URLs that I captured on one host to run active scans on other hosts by changing the host name in URL and the Host in the base request that is intercepted? Is what is the way to achieve this? (There is still not any automation built which would have solved the issue of running through the URLs and capturing them in various versions of application that I want to scan)

PortSwigger Agent | Last updated: Sep 21, 2018 09:51AM UTC

This extension may help you: https://github.com/pajswigger/copy-sitemap It allows you to copy a branch of your site map to a new prefix. You can then run an active scan on the new branch.

Burp User | Last updated: Sep 21, 2018 11:11AM UTC

ok got it. Thanks a lot for the response. I was able to change the Host using copy branch now. But then the referer in the Requests is still the old host. Any suggestion on how to change this across the URLs in sitemap please?

PortSwigger Agent | Last updated: Sep 24, 2018 10:02AM UTC

I have pushed an update to copy-sitemap so it now also rewrites the referer header. Please let me know how you get on with this.

Burp User | Last updated: Sep 26, 2018 12:36PM UTC