Burp Suite User Forum

Wrong settings for config "Audit checks - extensions only"

Nicolas | Last updated: Oct 09, 2019 08:58AM UTC

Hello, the default configuration entry "Audit checks - extensions only" enables more than extension-provided checks, which is more than surprising (and very disturbing). Go to the menu bar, then select "Burp > Configuration library" Highlight "Audit checks - extensions only" and click on "Edit" Go to "Issues reported", sort on "Enabled" Two extra entries ("HTTP Request Smuggling" and "Backup file") are enabled Tested on Pro 2.1.04 Cheers, Nicolas

Ben, PortSwigger Agent | Last updated: Oct 09, 2019 09:01AM UTC

Hi Nicolas, Thank you for your message. I have repeated the steps that you have listed and am seeing the same results. I have logged this as a bug request with the developers and we will notify you when it gets fixed.

Burp User | Last updated: Jan 15, 2020 11:23AM UTC

A small update after three months: I just tested v2.1.07, which is still not fixed :-(

Ben, PortSwigger Agent | Last updated: Jan 15, 2020 11:51AM UTC

Hi Nicolas, This issue is still in our development backlog. We notify this thread when we have an update.

You need to Log in to post a reply. Or register here, for free.