Burp Suite User Forum

Create new post

Spidering only POST

Karthik | Last updated: Sep 25, 2015 06:42AM UTC

Hello, I would like to spider only POST requests (and follow redirection). Is it possible ? I verified if there are any options to define the scope based on POST method, but I couldnt find any. In short, I would like to test only POST request (I know while click on perform active scan,we can select only POST request, but I want to achieve that while spidering ) This is reduce time and bandwidth

PortSwigger Agent | Last updated: Sep 25, 2015 08:09AM UTC

There isn't a way to only spider POST requests, sorry, and in general this wouldn't achieve full coverage of an application's content. If you really wanted to do this, as a hack you could write an extension that registers an IHttpListener and looks for requests being made by the Spider using a non-POST method. You could then modify the request to clear it, or redirect the host to localhost, or similar, so that the request doesn't actually get issued to the target.

Burp User | Last updated: Sep 28, 2015 01:55PM UTC

Hi Dafydd, Thanks for the clarification.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.