The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Scan Configuration

Darren | Last updated: Oct 18, 2019 01:59PM UTC

I am building an extension that calls doActiveScan and doPassiveScan. Is there a way to specify the scanner configuration. Currently tasks are created and there is a default scanner configuration used named Current auditing configuration. Is there a way to specify the configuration to be used by the scanner. I have tried exporting a scanner configuration and calling loadConfigFromJson but every time the task starts it used Current auditing configuration.

Mike, PortSwigger Agent | Last updated: Oct 21, 2019 09:57AM UTC

Hi Darren, this isn't something that is currently supported in the extensions API. IBurpExtenderCallbacks.loadConfigFromJson(java.lang.String config) is used to load a project-level configuration which is different to a scan configuration, so, unfortunately, you will not be able to use this method to solve your issue. I can create a feature request for this if this is something that you would be interested in?

Burp User | Last updated: Oct 21, 2019 03:24PM UTC

That would be fantastic Mike, I would definitely be interested in this.

Mike, PortSwigger Agent | Last updated: Oct 24, 2019 07:39AM UTC

No problem, I have created that feature request which includes a factory class to assist with creating the scan configuration which we can then pass IBurpExtenderCallbacks.doActiveScan() to make configuration much easier. I have associated this thread to help prioritize it and to notify you if it gets released.

Ben, PortSwigger Agent | Last updated: Dec 11, 2019 11:49AM UTC

Thank you for the feedback. We will notify this thread when there is further news on this feature.

Burp User | Last updated: Jan 30, 2020 08:05PM UTC

Hi I also would like this! This is a breaking change from 1.x to 2.x I think.

Luca | Last updated: Apr 14, 2020 02:01PM UTC

We got a request in https://github.com/vmware/burp-rest-api/issues/92 to support exactly this feature. It would be great to have back full control over scanner settings via the Extender API. Thanks, Luca

Uthman, PortSwigger Agent | Last updated: Apr 14, 2020 02:16PM UTC

Thank you for expressing further interest. I have raised this with our development team but cannot provide an ETA on when this will be implemented.

Shweta | Last updated: Jun 03, 2020 10:59PM UTC

When will this feature be built? I am trying to update configuration for passive and active scan and it is always showing current auditing configuration instead of the one I supplied through program. Is there any way to overwrite default configuration?

Shweta | Last updated: Jun 03, 2020 10:59PM UTC

When will this feature be built? I am trying to update configuration for passive and active scan and it is always showing current auditing configuration instead of the one I supplied through program. Is there any way to overwrite default configuration?

Uthman, PortSwigger Agent | Last updated: Jun 04, 2020 07:33AM UTC

Hi Shweta, The only workaround, for now, would be to launch your scan using the generic CI driver. You can find out further information here: https://portswigger.net/burp/extender/ci-integration. There is a README in the download folder. Unfortunately, we still cannot provide an ETA on when this capability will be added to the Extender API.

justanotheruser | Last updated: Oct 21, 2020 07:46PM UTC

Was looking for this functionality today and just wanted to add another 'yes, please' for this feature. Either via Extender or via Project Configuration files, I would like the ability to start Burp Suite with additional tasks from specific configurations in the Configuration Library. Our use case is due to a 'phased' testing approach. I want to be able to have tasks for multiple 'phases' of testing pre-configured, so testers only have to toggle task capturing on/off to begin/end a 'phase' of our testing.

Vino | Last updated: Jan 11, 2021 07:22PM UTC

Hi, Is this feature available? Using Burp 1.7, we were able to update scan configurations using Project options. With Burp 2020.12 this is not allowed. Is there a way to set the scanner configurations through API? LoadConfigJSON method in IBurpEXtenderCallBacks not updating Scanner configurations. Is there an alternate classes/methods to support this? https://portswigger.net/burp/extender/api/burp/iburpextendercallbacks.html

Uthman, PortSwigger Agent | Last updated: Jan 12, 2021 01:47PM UTC

Hi Vino, This still has not been added, unfortunately. The callback you are referring to is only for loading project-level configurations in JSON format. This does not include scan configurations. It is essentially the options under Project options in Burp. We will update this thread when scan configuration support has been added to the Extender API.

Vino | Last updated: Jan 12, 2021 06:46PM UTC

Thanks for the prompt response. May I know when this feature will be released? Until then is there any alternative to update scan configuration through APIs?

Uthman, PortSwigger Agent | Last updated: Jan 13, 2021 09:39AM UTC

Hi Vino, You would likely need to use the REST API instead - https://portswigger.net/blog/burps-new-rest-api. I cannot provide an ETA on when scan configuration support will be added to the Extender API, unfortunately.

Vino | Last updated: Jan 14, 2021 08:24AM UTC

Thanks. I have looked at the Rest API and It has scan submission API(post) with scan configuration.But I'm looking at the way to update only the scan configuration As I'm submitting scans with insertionpointoffsets (doActiveScan(java.lang.String host, int port, boolean useHttps, byte[] request, java.util.List<int[]> insertionPointOffsets)) which seems not possible through Rest API.

Uthman, PortSwigger Agent | Last updated: Jan 14, 2021 09:25AM UTC

Thanks for clarifying. That will not be possible at present, unfortunately.

Jackson | Last updated: Aug 17, 2022 09:58PM UTC

Adding another "yes please"

Hannah, PortSwigger Agent | Last updated: Aug 18, 2022 08:23AM UTC

Thanks for the feedback! We've added your +1 to the ongoing feature request for this functionality.

Muhammed | Last updated: May 17, 2023 01:36PM UTC

Adding another "yes please"

Hannah, PortSwigger Agent | Last updated: May 18, 2023 03:56PM UTC