Burp Suite User Forum


Scanner: Ignore errors and continue

Steve | Last updated: Sep 27, 2016 03:31AM UTC

I am testing a target which intentionally resets the TCP connection if it receives certain kinds of invalid inputs. When performing an active scan, Burp will only perform so many requests before it aborts and reports "abandoned - too many errors". I would like Burp to ignore these resets and continue as if it received an HTTP response. Is there a way to make it do that? I couldn't find any relevant settings. I searched around for this topic but only found this thread where it was mentioned that a setting like this might be added in the future: http://forum.portswigger.net/thread/903/burp-scanner-abandoned-errors-setting I am using Burp Suite Pro v1.7.07. Thanks

PortSwigger Agent | Last updated: Sep 27, 2016 08:23AM UTC

Thanks for this feedback. Burp gives up on an insertion point if it receives a number of connection failures or timeouts in a row for that insertion point. This was intended to deal with WAFs etc. that spot unexpected input in a parameter and just stop processing the request without dropping the TCP connection. If the same thing happens for a number of insertion points in a row, then the whole scan item is abandoned. Unfortunately, we don't yet have any configuration relating to this behavior, sorry.

Burp User | Last updated: Jul 28, 2018 02:25PM UTC

I've got the same issue. Any updates on this?

PortSwigger Agent | Last updated: Jul 30, 2018 03:29PM UTC

We have made significant progress on this. We're going to be announcing new features over the month. Follow the updates here: https://portswigger.net/blog/the-new-month-of-burp-pr0n

Burp User | Last updated: Aug 03, 2018 11:45AM UTC

If your scan fails because of too many "500 Internal Server Error" then replace that with something like "400 Bad Request". I did this with my plugin https://github.com/DanNegrea/PyRules and the following code inside "#Python rules go here" text area:

```python
#Python rules go here
if not messageIsRequest:
    response = helpers.bytesToString(messageInfo.getResponse())
    response = response.replace(u"500 Internal Server Error", u"400 Bad Request", 1)
    response_bytes = helpers.stringToBytes(response)
    messageInfo.setResponse(response_bytes)
```

Leave the "#Initial values go here" empty. Good luck!
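The same status rewrite as a stand-alone Jython extension for Burp's legacy Extender API, as an added example (not the poster's, PyRules' or PortSwigger's code). It changes only the status line and only for Scanner traffic, so other tools still show the real 500; the extension name and the `rewrite_status_line` helper are names chosen for this example.

```python
# Added example. Loads as a Jython Burp extension; under plain Python only
# rewrite_status_line() is usable, which is what allows offline testing.
try:
    from burp import IBurpExtender, IHttpListener  # supplied by Burp at load time
except ImportError:
    class IBurpExtender(object):
        pass

    class IHttpListener(object):
        pass

OLD_STATUS = "500 Internal Server Error"
NEW_STATUS = "400 Bad Request"


def rewrite_status_line(response):
    """Swap the status only if it is on the status line; return (text, changed)."""
    head, sep, rest = response.partition("\r\n")
    parts = head.split(" ", 1)
    if len(parts) == 2 and parts[0].startswith("HTTP/") and parts[1] == OLD_STATUS:
        return parts[0] + " " + NEW_STATUS + sep + rest, True
    return response, False  # headers and body are never searched


class BurpExtender(IBurpExtender, IHttpListener):
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Scanner 500-to-400 rewrite (example)")
        callbacks.registerHttpListener(self)

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        # Limit the rewrite to responses handled by the Scanner.
        if messageIsRequest or toolFlag != self._callbacks.TOOL_SCANNER:
            return
        raw = messageInfo.getResponse()
        if raw is None:  # no response recorded, so there is nothing to rewrite
            return
        text, changed = rewrite_status_line(self._helpers.bytesToString(raw))
        if changed:
            messageInfo.setResponse(self._helpers.stringToBytes(text))
```

Because the Scanner then sees a 400, any check that keys on a 500 status will not fire for these responses, so review the original responses in the Logger or Proxy history separately.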
