Site map - Filter by Tools
In the Site Map tree, I can see many payloads (in folder and file names) which were used by Active scanner (alone, or by some extension during the Active Scan). Such payloads are:
This results from having "URL path filenames" and "URL path folders" checked in the Attack Insertion Points, which I do want to check for, but I don't want them to appear in the SiteMap itself.
Would it be possible, in the future, to filter out these attack payloads? Or rather, to filter only those requests which were made through the Proxy (which would effectively hide undesired ones).
Burp Scanner doesn’t send all its traffic to the Site map.
Do you have two instances of Burp chained together?
Could you provide us with a list of all the extensions you have installed?
Is it possible the application is storing data from the scan then discovering this on a crawl?