Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

RUN BURP against a file with a list of pages to scan

Donavon | Last updated: Sep 12, 2022 06:10PM UTC

Is there a way to run a BURP scan against a text file that contains a list of URL's to scan? I do not want it to crawl. Only look at the pages listed in the file. burpList.txt https://<oursite>.com/file1.html https://<oursite>.com/directory1/file1.html https://<oursite>.com/directory1/directory2/file1.html https://<oursite>.com/directory2/file1.html https://<oursite>.com/file2.html https://<oursite>.com/file3.html

Ben, PortSwigger Agent | Last updated: Sep 13, 2022 04:45PM UTC

Hi Donavon, Just to clarify the situation, you do not want to perform a general crawl of your site but you are simply looking for Burp to audit a number of locations from the target site? You would probably be better off proxying those pages manually before then performing an active scan against the locations that you are interested in (Burp needs to have sight of the underlying requests, either through a full crawl and audit or simply by you performing manual work to capture them, in order to then be able to audit those target URLs).

Donavon | Last updated: Sep 15, 2022 05:26PM UTC

Hi Ben, Yes, I want BURP to audit specific locations on the target site. How would I do this with a list of files? There could be several hundred different files. I do not want to have to navigate and touch each file manually first.

Ben, PortSwigger Agent | Last updated: Sep 19, 2022 12:47PM UTC

Hi Donavon, There is no native way to provide Burp with a file containing a list of URLs that you wish to audit - as noted, you need a way to get the requests associated with each URL into Burp in order for Burp to subsequently perform an audit of said requests. You could look to use something like the following extension in order to import a list of URLs that you wish to interact with: https://github.com/SmeegeSec/Burp-Importer This extension then provides the functionality to connect to each URL in a given list, so that the associated requests are captured in Burp. At this point you can then perform an active scan against those requests in order to audit them (if they are all from the same site then you can perform an active scan against that host within the Target -> Site map tab)

Donavon | Last updated: Oct 05, 2022 03:59PM UTC