Method to Pause/Unpause Scanner
Does the API include methods for an extension to pause and unpause the scanner? I have searched the Javadocs but didn't find any.
My scenario is an extension that implements ISessionHandlingAction to re-login the user when the session times out. I would like to pause the scanner while the login is happening so that it doesn't issue a bunch of requests with a stale session.
Is there another way to do it? Maybe by saving the configuration, altering the scan state, and reloading it into Burp?
There isn’t currently a way to do this, sorry. We do plan a general overhaul of the API at some point, and we will look into providing this capability.
One way to achieve what you want in the meantime would be to register an IHttpListener so that your code gets called for all requests. Create a lock object and acquire/release the lock when processing relevant requests. Then when your session recovery kicks in, acquire the same lock until the session is restored. This will effectively block other request threads while your custom session handler does its work.
Thanks jyarema, we’ve recorded you request and it will be considered when the API is refactored.
You may be able to get some successful with this using the session handling rule “Prompt for in-browser session recovery.”
We’ll let you know when we make progress.
We could write a plugin to do this if there was the capability to pause the scanner. We'll probably look into the IHTTPListener suggestion in the meantime, but actual pause capability would be much cleaner.
Alternatively, is there any reason we can't find the pause menu item with Java relection?
I’ve noted your +1 You will struggle to use Java reflection because the Burp code is obfuscated. You could theoretically use the Swing Robot class to simulate user actions, although it may not be completely reliable.