Active scanning sorting features and insertion points fine control.
With the aim of automating Burp scan in a development cycle, I wish to get the proxy history of a specific Burp project and launch an active scan on each items.
To do so I was wondering if you would make the "remove duplicates" function available in the API (the same as in the menu when launching active scan on a bulk of items) ?
Secondly, is there a way to have more fine control on the insertion points that active scan will select ? More specifically, is there a possibility to whitelist certain parameters (cookies or else) ?
Thanks for getting in touch.
We’ll have a discussion about making exposing the Active Scan Wizard to the extension API. This is an area that is going to change significantly in future versions of Burp, so we won’t look at the API until after that is done. In the meantime, you would need to reimplement this in your own code. The logic is not actually that complex. If you want some help, let me know.
There’s quite a lot you can do around insertion points, both manually and from an extension. In Intruder, if you define positions, you can choose “Actively scan defined insertion points” from the context menu. There’s a version of doActiveScan that provides similar control. You can also register an IScannerInsertionPointProvider and this API provides a bit more control that simply specifying payload offsets, e.g. you can do encoding. The Scanner options let you turn on and off certain insertion points, such as “URL parameter values” and you can control this config from an extension using callbacks.loadConfigFromJson().
Please let us know if you need any further assistance.