Burp Suite User Forum


Scan Configuration

Darren | Last updated: Oct 18, 2019 01:59PM UTC

I am building an extension that calls doActiveScan and doPassiveScan. Is there a way to specify the scanner configuration? Currently tasks are created and a default scanner configuration named Current auditing configuration is used. Is there a way to specify the configuration to be used by the scanner? I have tried exporting a scanner configuration and calling loadConfigFromJson, but every time the task starts it uses Current auditing configuration.

Mike, PortSwigger Agent | Last updated: Oct 21, 2019 09:57AM UTC

Hi Darren, this isn't something that is currently supported in the extensions API. IBurpExtenderCallbacks.loadConfigFromJson(java.lang.String config) is used to load a project-level configuration which is different to a scan configuration, so, unfortunately, you will not be able to use this method to solve your issue. I can create a feature request for this if this is something that you would be interested in?

Burp User | Last updated: Oct 21, 2019 03:24PM UTC

That would be fantastic Mike, I would definitely be interested in this.

Mike, PortSwigger Agent | Last updated: Oct 24, 2019 07:39AM UTC

No problem, I have created that feature request, which includes a factory class to assist with creating the scan configuration, which we can then pass to IBurpExtenderCallbacks.doActiveScan() to make configuration much easier. I have associated this thread to help prioritize it and to notify you if it gets released.

Ben, PortSwigger Agent | Last updated: Dec 11, 2019 11:49AM UTC

Thank you for the feedback. We will notify this thread when there is further news on this feature.

Burp User | Last updated: Jan 30, 2020 08:05PM UTC

Hi, I also would like this! This is a breaking change from 1.x to 2.x, I think.

Luca | Last updated: Apr 14, 2020 02:01PM UTC

We got a request in https://github.com/vmware/burp-rest-api/issues/92 to support exactly this feature. It would be great to have back full control over scanner settings via the Extender API. Thanks, Luca

Uthman, PortSwigger Agent | Last updated: Apr 14, 2020 02:16PM UTC

Thank you for expressing further interest. I have raised this with our development team but cannot provide an ETA on when this will be implemented.

Shweta | Last updated: Jun 03, 2020 10:59PM UTC

When will this feature be built? I am trying to update the configuration for passive and active scans, and it is always showing Current auditing configuration instead of the one I supplied through the program. Is there any way to overwrite the default configuration?

Uthman, PortSwigger Agent | Last updated: Jun 04, 2020 07:33AM UTC

Hi Shweta, The only workaround, for now, would be to launch your scan using the generic CI driver. You can find out further information here: https://portswigger.net/burp/extender/ci-integration. There is a README in the download folder. Unfortunately, we still cannot provide an ETA on when this capability will be added to the Extender API.
