Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Scanner: Ignore errors and continue

Steve | Last updated: Sep 27, 2016 03:31AM UTC

I am testing a target which intentionally resets the TCP connection if it receives certain kinds of invalid inputs. When performing an active scan, Burp will only perform so many requests before it aborts and reports "abandoned - too many errors". I would like Burp to ignore these resets and continue as if it received an HTTP response. Is there a way to make it do that? I couldn't find any relevant settings. I searched around for this topic but only found this thread where it was mentioned that a setting like this might be added in the future: http://forum.portswigger.net/thread/903/burp-scanner-abandoned-errors-setting I am using Burp Suite Pro v1.7.07. Thanks

PortSwigger Agent | Last updated: Sep 27, 2016 08:23AM UTC

Thanks for this feedback. Burp gives up on an insertion point if it receives a number of connection failures or timeouts in a row for that insertion point. This was intended to deal with WAFs etc. that spot unexpected input in a parameter and just stop processing the request without dropping the TCP connection. If the same thing happens for a number of insertion points in a row, then the whole scan item is abandoned. Unfortunately, we don't yet have any configuration relating to this behavior, sorry.

Burp User | Last updated: Jul 28, 2018 02:25PM UTC

I've got the same issue. Any updates on this?

PortSwigger Agent | Last updated: Jul 30, 2018 03:29PM UTC

We have made significant progress on this. We're going to be announcing new features over the month. Follow the updates here: - https://portswigger.net/blog/the-new-month-of-burp-pr0n

Burp User | Last updated: Aug 03, 2018 11:45AM UTC