Site map - Filter by Tools

Andrej Simko Oct 25, 2018 08:52AM UTC

In the Site Map tree, I can see many payloads (in folder and file names) which were used by Active scanner (alone, or by some extension during the Active Scan). Such payloads are:
%00grqjw%22a%3d%22b%22sc35f
%00prompt(1)
..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini%00index
This results from having "URL path filenames" and "URL path folders" checked in the Attack Insertion Points, which I do want to check for, but I don't want them to appear in the SiteMap itself.
Would it be possible, in the future, to filter out these attack payloads? Or rather, to filter only those requests which were made through the Proxy (which would effectively hide undesired ones).
Thanks


Liam Tai-Hogan Oct 30, 2018 11:33AM UTC Support Center agent

Burp Scanner doesn’t send all its traffic to the Site map.

Do you have two instances of Burp chained together?

Could you provide us with a list of all the extensions you have installed?

Is it possible the application is storing data from the scan then discovering this on a crawl?

