The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Spider treating active scan URLs with injected parameter queries as new urls to spider.

Matt | Last updated: Aug 16, 2016 04:08PM UTC

I built an extension that successfully spiders the application, but I have a problem where when active scanning starts in earnest, eventually it starts adding injected URLs into the scanning scope, thus duplicated the amount of work that needs to be done. I cannot find a configuration to shut off the behavior of identifying a URL with query params as a unique URL. I know that OWASP's ZAP has a setting like this. Or is there something else I'm missing?

PortSwigger Agent | Last updated: Aug 17, 2016 11:16AM UTC