Burp Suite User Forum

Login to post

Scanning based on Index ID

Madhurima | Last updated: Jun 28, 2016 06:42AM UTC

Hi, Burp has list of vulnerabilities that are covered by scanner which are listed here https://portswigger.net/KnowledgeBase/Issues/ Each vulnerability has severity and Type Index mentioned. Is there a possibility that using scanner I can pick few Type Index and run the scan against target. For Eg: I would like to verify if my target is vulnerable to Input returned in response (stored) Information 0x00400b00 vulnerability instead of running complete scan. How do I do it? Does the scanner default support selection of Type Indexs or is there an Extender API for this. Thanks, Madhurima.

PortSwigger Agent | Last updated: Jun 28, 2016 07:41AM UTC

You can select broad areas to scan at Scanner / Options / Active Scanning Areas and Passive Scanning Areas. Most of these areas correspond to a range of different specific vulnerability types. In future, we plan to let users select each individual issue to check for, in a much more granular way.

Burp User | Last updated: Jun 28, 2016 08:04AM UTC

Thank you for the details. Is there any approximate timeline that this feature is expected so that we can plan our activities accordingly. Madhurima

PortSwigger Agent | Last updated: Jun 28, 2016 08:11AM UTC

We would like to deliver these feature in the near term (along with so many others), but we can't currently provide an ETA, sorry.

You need to Log in to post a reply. Or register here, for free.