Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Active Scan: Possibility to choose which extension(s) to use for scan

Damian Schwyrz Mar 12, 2019 12:56PM UTC

in Burp Beta we now have the possibility to start an active scan using "extensions only". Most of us have more than one extensions enabled, so starting "extension only" scan will result in a lot of requests which are useless but integrated in an extension.

I know one can just disable the extensions he does not need, but this is really tedious, especially on targets with a bigger scope and different stacks.

So here is my future request: It should be possible to start an active scan and choose which extensions to use. Maybe there could be another tab "extensions" like "passive", "light active", ... in the list where one could create a more than one profiles with different types of tests using only specified extensions (like: "active scan++", but not "backslash powered scanner").

What do you say? Is something like that planed?

Best regards


Paul Johnston Mar 12, 2019 02:45PM UTC Support Center agent

Hi Damian,

Thanks for your message. I agree, that would be a really useful feature. We did consider this when we first implemented granular scan config, and decided not to do it at that time. However, we will certainly bear it in mind next time we work on that feature.

Post Your public answer

Your name
Your email address