Burp Suite User Forum


Web Server/Application Analyzer

Ivan | Last updated: Aug 12, 2020 02:17PM UTC

Hi, I know there are some extensions that analyze HTTP headers and contents (like vulnerability software reporter or HTTP headers analyser), but what about a built-in analyzer to adapt Burp payloads/engine to the web server/application software? Like, if there is PHP it would avoid Python object injection payloads and similar. It would make scans lighter and faster in my opinion. I know it's hard work, but maybe it could help pentesters out. Also, if no data is retrieved, you can let the user set the languages used and similar things. Cheers.

Michelle, PortSwigger Agent | Last updated: Aug 13, 2020 11:55AM UTC

Could you tell us a bit more about your use case and describe some scenarios explaining how you would like to use something like this? What steps would you imagine taking if such a feature existed?

Ivan | Last updated: Aug 19, 2020 07:31PM UTC

So, this is to make the pentest lighter and faster (without useless payloads). What I mean is this: a tool (like Repeater, or integrated into the passive/active scan) that analyzes the responses/requests to understand what technology is used. Something like Wappalyzer that gives an idea of what the site is running. For example, if the tool finds that a website has PHP as the backend language, it would disable/skip checks for Perl/Python code injection, and similar. This could be used for path traversal, as Apache, nginx and IIS all treat paths and slashes differently. Other checks would be on the SSL version and protocols used, checking for URL rewrite rules and, if found, automatically handling them, and so on. If the tool were detached (like Repeater or Decoder), I would input a URL into a text box and then click a button called "Analyze"; all data gathered would be output into a box under the text box and button, and an informational issue would be created with all the data, like:

---
Title: WebServer Technology Detected
Description: Technologies found:
Language: PHP (v X)
WebServer: NGINX (v X)
JS Framework: AngularJS (v X)
Etc..
---

Or, if the tool were integrated into the scanner, it would just pop the same issue on the dashboard. It could also be useful detached for the Community version, or maybe just for the Professional one. Maybe it's a silly/complicated idea, but it could be very helpful in my opinion. Thanks!

Michelle, PortSwigger Agent | Last updated: Aug 20, 2020 02:06PM UTC

Thanks for the information and the suggestion. This could get complex, especially if more than one site was being scanned and the sites used different technologies. Fingerprinting servers is non-trivial unfortunately and is not always reliable, so there is a chance things could end up being missed in the scan. One option could be to build up a library of customized scan configurations that can then be quickly selected depending on the needs of the scan.
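The analyzer Ivan describes, and the reliability caveat Michelle raises, can both be seen in a small fingerprinter. The code below is an added example written for this thread; it is not part of Burp Suite, not a PortSwigger extension, and not anything either poster provided. It matches a constructed HTTP response against a hand-made signature table (the signatures, the check names in ALL_CHECKS and the SKIP_RULES mapping are all hypothetical), renders the informational issue in the shape Ivan sketched, and only drops check families when the backend language is supported by more than one signal and no conflicting language was seen. With weak or conflicting evidence it falls back to running every check, which is the behaviour you want given that fingerprinting can be wrong.

```python
import re
from typing import Dict, Optional, Set

# Constructed sample response for this example; not captured from any real site.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Server: nginx/1.18.0
X-Powered-By: PHP/7.4.3
Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly
Content-Type: text/html; charset=UTF-8

<html ng-app="demo"><head><script src="/static/angular.min.js"></script></head><body>Hello</body></html>
"""

# Hypothetical signature table: (category, product, regex over the raw response).
# Group 1, where present, captures a version string.
SIGNATURES = [
    ("language", "PHP", re.compile(r"^X-Powered-By:\s*PHP/([\d.]+)", re.M | re.I)),
    ("language", "PHP", re.compile(r"^Set-Cookie:\s*PHPSESSID=", re.M | re.I)),
    ("language", "ASP.NET", re.compile(r"^X-Powered-By:\s*ASP\.NET", re.M | re.I)),
    ("webserver", "nginx", re.compile(r"^Server:\s*nginx(?:/([\d.]+))?", re.M | re.I)),
    ("webserver", "Apache", re.compile(r"^Server:\s*Apache(?:/([\d.]+))?", re.M | re.I)),
    ("webserver", "IIS", re.compile(r"^Server:\s*Microsoft-IIS(?:/([\d.]+))?", re.M | re.I)),
    ("js_framework", "AngularJS", re.compile(r"\bng-app=|angular(?:\.min)?\.js", re.I)),
]

# Hypothetical scan check families; names are illustrative, not Burp's.
ALL_CHECKS = frozenset({
    "php_code_injection", "python_code_injection", "perl_code_injection",
    "ruby_code_injection", "sql_injection", "path_traversal", "xss_reflected",
})

# Check families that become irrelevant once a backend language is known with confidence.
SKIP_RULES = {
    "PHP": {"python_code_injection", "perl_code_injection", "ruby_code_injection"},
    "ASP.NET": {"php_code_injection", "python_code_injection", "perl_code_injection",
                "ruby_code_injection"},
}


def fingerprint(response: str) -> Dict[str, Dict[str, Dict[str, Optional[str]]]]:
    """Return {category: {product: {"version": str|None, "hits": int}}}.

    "hits" counts how many independent signatures matched, which is the
    confidence signal used later to decide whether skipping checks is safe.
    """
    findings: Dict[str, Dict[str, Dict[str, Optional[str]]]] = {}
    for category, product, pattern in SIGNATURES:
        m = pattern.search(response)
        if not m:
            continue
        version = m.group(1) if m.groups() else None
        info = findings.setdefault(category, {}).setdefault(
            product, {"version": None, "hits": 0})
        info["hits"] += 1
        if version and not info["version"]:
            info["version"] = version
    return findings


def select_checks(findings, min_hits: int = 2) -> Set[str]:
    """Drop check families only when exactly one language was seen with enough evidence."""
    langs = findings.get("language", {})
    if len(langs) != 1:
        return set(ALL_CHECKS)          # nothing detected, or conflicting evidence
    (product, info), = langs.items()
    if info["hits"] < min_hits:
        return set(ALL_CHECKS)          # single weak signal: do not trust it
    return set(ALL_CHECKS) - SKIP_RULES.get(product, set())


def render_issue(findings) -> str:
    """Format the informational issue in the layout Ivan proposed."""
    labels = {"language": "Language", "webserver": "WebServer", "js_framework": "JS Framework"}
    lines = ["Title: WebServer Technology Detected", "Description: Technologies found:"]
    for category, label in labels.items():
        for product, info in findings.get(category, {}).items():
            lines.append(f"  {label}: {product} (v {info['version'] or 'unknown'})")
    return "\n".join(lines)


if __name__ == "__main__":
    found = fingerprint(SAMPLE_RESPONSE)
    print(render_issue(found))
    print("checks to run:", sorted(select_checks(found)))
```

The two-signal threshold is the part worth keeping whatever signature set you use: a lone `Server` or `X-Powered-By` header is trivially spoofed or stripped by a reverse proxy, so a single match should narrow nothing. Conflicting evidence (say PHP and ASP.NET headers on the same host) likewise returns the full check set rather than guessing.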

Ivan | Last updated: Aug 21, 2020 03:41PM UTC

Yeah, this could be a start maybe?

Michelle, PortSwigger Agent | Last updated: Aug 24, 2020 01:34PM UTC

Thanks for the feedback!
