Burp Suite User Forum


trigger an active scanning programmatically

Adrian | Last updated: Sep 09, 2019 03:59PM UTC

Dear Burp team, From an extension I would like to first do a passive scan. Once the application has been scanned, I would like to programmatically do an active scan for each (passive) request. The goal of all this is that Burp is used by tests, so all the passive scanning requests are triggered by automatic tests. When the tests are over we would like to re-run the same HTTP requests in active scanning but without re-executing the tests. So the extension will store all the passive requests via the IBurpExtenderCallbacks#doPassiveScan method, but I don't know how to programmatically trigger (from the extension, not from the UI) an active scan for each of the previously passive requests. Hope I was clear, thx, Adrian

Mike, PortSwigger Agent | Last updated: Sep 10, 2019 12:30PM UTC

Hi Adrian, any reason why you want to do it this way as opposed to a single thorough scan? You could invoke a scan every time an HTTP request is intercepted with the initial passive scan inside @IHttpListener.processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo)@ using @doActiveScan()@ so it happens automatically.

Burp User | Last updated: Sep 10, 2019 03:20PM UTC

Hello Mike, Thx for your answer. To answer your question: we try to kill 2 birds with one stone :) Let me explain. These automatic tests are what is called "regression tests"; they test that no regression was introduced to the application. You will say that this has nothing to do with security. You are completely right! The idea was that these regression tests are executed using/through the Burp proxy so we will also be able to catch security vulnerabilities, and we are using only passive scanning. So, the first bird to kill is application regression (we are sure the application works as it is supposed to work) and the second bird is finding vulnerabilities in the application, all this while executing the tests only once (it might be thousands of tests running for hours). Now if for every passive request we immediately trigger active request/s, then these new request/s created by Burp might influence the outcome of the regression tests. We don't want the test results to be influenced by queries triggered by Burp. The idea is to run the tests using only passive scanning, and when all the tests are over we replay all the queries using active scanning to catch more security issues, not caring if the Burp queries will break the system. Hope my long explanation was clear, thx, Adrian

Mike, PortSwigger Agent | Last updated: Sep 11, 2019 08:26AM UTC

I would like to clarify my understanding of your request. You would like to start a crawl operation and store a list of all requests that you encounter, once that operation is finished you then want to start an Audit operation for each individual request that was discovered during the initial phase and use those results for regression testing?
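
The two-phase workflow Adrian describes (record and passively scan while the tests run, then queue active scans afterwards without re-running the tests) could be sketched as follows against the legacy Burp Extender API. This is an added example, not code from the thread or from PortSwigger; the marker host that starts the replay and the extension name are hypothetical, and only in-scope traffic is recorded.

```java
package burp;

import java.util.Queue;
import java.util.concurrent.ConcurrentLinkedQueue;

public class BurpExtender implements IBurpExtender, IHttpListener {
    // Hypothetical marker host: the test runner requests it once, after the last test.
    private static final String REPLAY_MARKER_HOST = "replay-trigger.invalid";

    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;
    private final Queue<IHttpRequestResponse> recorded = new ConcurrentLinkedQueue<>();

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Deferred active scan"); // hypothetical name
        callbacks.registerHttpListener(this);
    }

    @Override
    public void processHttpMessage(int toolFlag, boolean messageIsRequest,
                                   IHttpRequestResponse messageInfo) {
        if (toolFlag != IBurpExtenderCallbacks.TOOL_PROXY) return; // skip Burp's own traffic
        IHttpService s = messageInfo.getHttpService();
        if (messageIsRequest) {
            if (REPLAY_MARKER_HOST.equals(s.getHost())) replayAll();
            return;
        }
        // Phase 1: the response is available; passive checks send nothing to the target.
        if (!callbacks.isInScope(helpers.analyzeRequest(messageInfo).getUrl())) return;
        callbacks.doPassiveScan(s.getHost(), s.getPort(), isHttps(s),
                messageInfo.getRequest(), messageInfo.getResponse());
        recorded.add(callbacks.saveBuffersToTempFiles(messageInfo)); // spill to disk
    }

    // Phase 2: queue one active scan per recorded request; the tests are not re-run.
    private void replayAll() {
        int queued = 0;
        IHttpRequestResponse item;
        while ((item = recorded.poll()) != null) {
            IHttpService s = item.getHttpService();
            callbacks.doActiveScan(s.getHost(), s.getPort(), isHttps(s), item.getRequest());
            queued++;
        }
        callbacks.printOutput("Queued " + queued + " active scans");
    }

    private static boolean isHttps(IHttpService s) {
        return "https".equalsIgnoreCase(s.getProtocol());
    }
}
```

Recorded session cookies and tokens may have expired by the time the active scans run, so the replay is best started soon after the tests finish or combined with session handling rules.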
