Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Different Bugs on Re-scanning same project/file

Khizra Mujahid Jan 03, 2020 11:25AM UTC

Hi,
I did a scan a saved its file/script. Now when i run the same script multiple times it shows different results on scanning the same script. It showed only informational issues one time and on running it second time it showed high severity issues (SQL Injection etc).
Why is it not showing same results on re-scanning?


Hannah Law Jan 03, 2020 11:30AM UTC Support Center agent

Hi

Are you performing a crawl and audit, or just an audit?

Are you using the same configuration each time or is it changing?

Are you scanning the same target each time?


Khizra Mujahid Jan 03, 2020 12:47PM UTC
Hi Hannah Law,
I did an active scan on the same target with same configuration every time. I dont see any Crawl and audit options here.
Can you guide me where i can find these crawl and audit options?

Hannah Law Jan 03, 2020 01:58PM UTC Support Center agent

Hi Khizra. Could you tell me what version of Burp Suite you are using, and whether it is Community or Professional?


Khizra Mujahid Jan 06, 2020 04:54AM UTC
Hi Hannah Law,
I am using Burp Suite Professional v1.7.34.
I am curious why does it show different bugs on re-scanning. How does the active scan work and why all those issues are not identified in the very first scan?

Hannah Law Jan 06, 2020 02:17PM UTC Support Center agent

Hi Khizra.
Our most up to date version of Burp Suite is 2.1.07. There are a number of major changes that have been implemented since 1.7. You can download the most up to date version of Burp by going to our website portswigger.net and logging in with the account associated with your license.

With regards to 1.7, are you using a live scan or a manual scan (https://support.portswigger.net/customer/portal/articles/1783127-using-burp-scanner)?


Khizra Mujahid Jan 07, 2020 04:46AM UTC
Hi Hannah Law,
I am using Active Scanning. Firstly i browse all the URLs and then add them to scope. After that i start active scan on the target scope.
My Question here is that why is it showing new issues everytime. For example, if i scan a Url once, it shows informational issues on it but on re-scanning it shows very high severity issues on the same Url which was scanned previously and showed low issues? Why does it not identify all issues in one scan on same Url?

Khizra Mujahid Jan 07, 2020 05:09AM UTC
One more thing, while active scanning, Spider is always paused.So this means i am not performing scanning along with spider.

Ben Wright Jan 07, 2020 11:51AM UTC Support Center agent

Hi Khizra,

Differences in scan results can occur for various reasons – changes in the application code, intermittent network failures, different application data/state causing different crawl paths or issues being observed.

We can probably help you more if you identify specific issues that are changing. You might need to examine the details of the issues affected, to understand why the differences are arising. You could also try tuning Scanner engine. In general, using fewer threads increases determinism by reducing side-effects on the server side due to concurrent access/updates.

You mentioned that you were reusing a script to carry out your scan, are you browsing the URLs each time that you scan or simply rerunning the active scan against an existing site map?

As Hannah mentioned in her previous message, we would always recommend updating to the latest version of Burp Professional (which is currently at 2.1.07) in order to take advantage of the latest functionality and bug fixes available.


Khizra Mujahid Jan 08, 2020 07:01AM UTC
Hi Ben,
I did active scan. First time it showed me all informational/Low issues. On re-scanning the same script, it identified SQL Injection issue. I again scanned the same script, it identified some more new high severity issues like python code injection, Ruby code injection, OS Command Injection. After facing all these issues, i scanned the script again and then again these issues were not there.
At last i created a new script/Project by browsing URLs again, it identified high severity issues again.This is really confusing that it is showing different results every time.

No i am not browsing the URLs each time, i am simply reusing the active scan against the existing site Map.


Michelle Gillian Jan 08, 2020 03:53PM UTC Support Center agent

Hi Khizra

It would be good to know if you see the same using the latest version of Burp (2.1.07), would you be able to test that for us, please?

As Ben mentioned there can be many reasons why two scans can pick up different issues, to help us understand your setup it might be useful to see some screenshots or a screen recording of the steps you are taking to run the scan and the results at each stage. If you would be happy to send these you can email them to support@portswigger.net.


Khizra Mujahid Jan 13, 2020 04:54AM UTC
Hi Michelle,
I will try with latest version of burp and will let you know.

Post Your public answer

Your name
Your email address
Answer