Burp Suite Scanner - SSRF detection

Matt B Aug 02, 2019 04:43PM UTC

Hi,

With the recent Capital One breach, the SSRF vulnerability has been highlighted as a potential cause/method of the breach.

My question is, does either the Burp Suite Pro or Enterprise version automatically detect SSRF while scanning? From what I can find in my research, it appears that you can only detect this with Burp Suite manually.


Liam Tai-Hogan Aug 05, 2019 10:03AM UTC Support Center agent

Yes, Burp scans for SSRF; the scan check is called Out-of-band resource load (HTTP).

- https://portswigger.net/kb/issues/00100a00_out-of-band-resource-load-http

Please let us know if you need any further assistance.

