Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

new scan and task dif

afs Oct 08, 2019 02:11AM UTC

may I know the difference between new scan and new live task?

in the new scan//scan configuration/crawling/login functions, there are only two checkbox(1) attempt to self-register (2) trigger login failures, where to input credentials?


afs Oct 08, 2019 02:15AM UTC
Hi, I find the place to enter password and user name, but the label field is questionable, does label mean url?
I need to audit www.abc.com/1, www.abc.com/test , should I create two new scan or two new live task?

how to find all urls with input form(requires user to input something) under www.abc.com?

Ben Wright Oct 08, 2019 09:29AM UTC Support Center agent

Hi,

Thank you for your messages.

The new live task option is used to perform some scanning operations automatically on requests and responses that are processed by Burp’s tools. So, for example, you could set up a new live task that will perform an audit on all the traffic that is processed by Burp Proxy as you manually browse a site.

A new scan will target the URLs specified in the configuration independently of any browsing you perform.

From your second message it sounds like you have found the correct place to enter the credentials (under the Application Login section of the New scan page). The label field is simply used to identify different credentials so, for example, you might have two credentials that you want to test (a set of administrator credentials and a set of normal user credentials). You could then label one ‘Admin’ and one ‘Normal User’ so that you know which is which for any future testing.

When you say you need to test www.abc.com/1 and www.abc.com/test, are these areas accessed through different credentials? From your previous questions, you mentioned the need to conduct one authenticated and one unauthenticated scan, is this still the case?

If you create a new scan, enter the www.abc.com url in the URLs to Scan section and then add the appropriate credentials in the Application Login section then Burp will automatically find any login pages present in the web application and attempt to login with the credentials you have supplied. If you still require to conduct an unauthenticated scan on www.abc.com then you would create a second new scan, add the url as before but then not add any credentials to the Application login section.


Post Your public answer

Your name
Your email address
Answer