Burp Suite User Forum


Scanner appears to audit URL received in 302 response

Eric | Last updated: Feb 28, 2023 06:55PM UTC

Greetings, I am using V2023.1.2 on an engagement and am having strange behavior using Scanner. I have set the scanner to audit only and provided a single URL to audit. The audit performs some number of requests to the target and then the target request will result in a 302 response to another URL not in the scan items - this will be known as the 302 target. The scanner then appears to start auditing the 302 target. The scanner will send about 10 requests to the 302 target for every 1 request to the original audit target. However, upon closer inspection, every request to the 302 target is the same. There are no differences in the 302 target - perfectly identical. I have gone ahead and disabled all extensions and set the pool to 1 concurrent request but neither of these changes has any effect. I have screenshots that I can submit to help the explanation. Thanks!

Michelle, PortSwigger Agent | Last updated: Mar 01, 2023 01:09PM UTC

Hi, we've received your email and are reviewing the information and screenshots. We'll be in touch via email soon.
