Burp Suite User Forum

Login to post

Send to UploadScanner not working

Martin | Last updated: Sep 02, 2020 03:58AM UTC

Send to UploadScanner stopped working with the latest Burp release. I have reinstalled it multiple times, restarted Burp multiple times. I also tried the original version of UploadScanner (not the Pro version from the BApp Store): https://github.com/modzero/mod0BurpUploadScanner With the same result. Please, before you ask me to send you logs, try it yourself with the latest version, and pull the logs from your own support's machine. Thanks for your understanding. Martin (RJ) Fürholz

Martin | Last updated: Sep 02, 2020 04:26AM UTC

I just noticed that it works with different requests. It just doesn't work with the file upload request I wanted to test.

Hannah, PortSwigger Agent | Last updated: Sep 02, 2020 12:36PM UTC

Hi Martin Have you raised this as an issue with the extension author? Is there anything different from a regular file upload in the request you were trying to test?

Martin | Last updated: Oct 15, 2020 05:51AM UTC

This is a Pro extension from Portswigger. I found the reason for this behaviour: Upload scanner doesn't accept requests without a response. It would be helpful if it would tell me, instead of failing silently. (There is a message in the extension logs.) Also I don't understand why it wouldn't work with requests without a response.

Hannah, PortSwigger Agent | Last updated: Oct 15, 2020 07:46AM UTC

Hi Martin Extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose. I would suggest that you raise this issue with the extension author. You can find the original repository here: https://github.com/modzero/mod0BurpUploadScanner

Martin | Last updated: Dec 22, 2020 07:13AM UTC

So you make users pay for the Pro Extensions, but you don't support them?

Hannah, PortSwigger Agent | Last updated: Dec 22, 2020 08:58AM UTC

Hi Martin The only reason some extensions are Pro only is that they make use of features that aren't available in Community, like the Scanner or Collaborator functionalities. All extensions are free and have their source code publicly available on GitHub. They are maintained by the extension's author. You can find our repo of forked BApp Store repositories here: https://github.com/PortSwigger

You need to Log in to post a reply. Or register here, for free.