Burp Suite User Forum

Create new post

Single thread possibility

Andrej | Last updated: Feb 01, 2018 01:12PM UTC

Hi, with your new update in changing the # of threads into # of concurrent rate limit; could it be possible to limit Active scan to a single thread? I test apps which often have very complex session management, or 1-time CSRF tokens, and I personally feel more confident in a single thread and scanning. Also the debugging of session management/problems with environment are much better with a single thread scanning. And last but not least, when environment becomes very congested/slow, having a single thread is better for stuff like time-based SQL injections. Many thanks

PortSwigger Agent | Last updated: Feb 01, 2018 01:26PM UTC

Hi Andrej, Thanks for getting in touch. This is a good suggestion. The current arrangement had threads = (1.25 * concurrent requests) We're going to look at hard coding the case of 1 concurrent request so it always results in 1 thread. We'll let you know when we make progress.

Liam, PortSwigger Agent | Last updated: Feb 02, 2018 12:09PM UTC

We've updated this feature so that 1 concurrent request always results in 1 thread.

Burp User | Last updated: Mar 15, 2018 06:31PM UTC

This is a great suggestion and would be very helpful for me as well. suggestion++

Burp User | Last updated: Apr 03, 2018 09:49AM UTC

Adding my support to this suggestion, has there been any movement on an update? Thanks

Burp User | Last updated: May 23, 2018 02:19PM UTC

thanks, out of curiosity, is this already present in all the tools [Active scanner, Intruder] and version 1.7.33?

PortSwigger Agent | Last updated: May 23, 2018 02:21PM UTC

Hi Andrej, The change in 1.7.33 applies to Scanner only. Spider and Intruder still have a "Number of threads" setting; they've not been migrated to "Concurrent request limit". Work on that is ongoing.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.