Burp Suite User Forum

Selectively Removing Scanner Insertion Points

Kereru | Last updated: Feb 25, 2020 09:27PM UTC

Hey good folks of Portswigger, I'm currently in the process of writing an Extension that (hopefully) would me to customize insertion points and payloads. Is it possible to selectively remove Scanner insertion points? I have tried to extend the `IScannerInsertionPointProvider` Interface, overriding `getInsertionPoints`, and removing the parameters from there. Can't help to shake off the feeling that I'm doing something horribly wrong, any help would be highly appreciated. Cheers, Kereru

Hannah, PortSwigger Agent | Last updated: Feb 26, 2020 01:09PM UTC

Hi Kereru How are you triggering your scan? Or are you intending to just generate the insertion point and payload list? Have you had a look at IBurpExtenderCallbacks.doActiveScan(java.lang.String host, int port, boolean useHttps, byte[] request, java.util.List<int[]> insertionPointOffsets)? This method can be used to send an HTTP request to the Burp Scanner tool to perform an active vulnerability scan, based on a custom list of insertion points that are to be scanned.

You need to Log in to post a reply. Or register here, for free.