How do I manually add a vulnerability?
Using the Intruder functionality, I saw the application was vulnerable to an XSS (with a custom payload). Active/Passive Scan doesn't find it.
So I have a hit, but how can I flag this payload/result with these params as a match within the scanner results (or some other place, to be able to include this match in the final report), and of course flag it with a type of XSS vuln and the relevant advisory?
You can’t currently create manual issues in the scan results. This feature is in our roadmap, and we hope to have it available later this year.
Do you have an approximate release date for this feature? I find myself needing it quite a bit for manual issues I discover. For now, I hack together my own HTML report that parses your output plus my own into a new file. It would be sweet to have this built-in.
We can’t promise an ETA yet, but initial work to lay the groundwork for this feature is underway. There are several related capabilities that we will implement together (yet to be announced), so it will probably be completed at least 3 months from now, but hopefully not too long after that.
Apologies for the delay on this feature – we’ve been busy with other things. User-generated manual issues are very much in our roadmap and we hope to deliver the feature soon.
FYI the Manual Scan Issues extension in the BApp Store does provide this feature, in the meantime.
Any updates on when this feature will be rolled out? It appears that the latest version of "Manual Scan Issues" plugin does not work with the latest version of Burp Suite Professional v1.7.19.
Help is greatly appreciated!
We don’t currently have an ETA for this feature, sorry. We’ll investigate the issue with Manual Scan Issues and update this thread.
The Manual Scan Issues extension has been updated and works both on the Issues tab and also the Messages tab now too.
Not sure if this is the appropriate venue for this request. But it would be amazing if:
1. The "Add Issues" menu item automatically added the request and response to the issue.
2. There was a dropdown menu item in the ManScanAdd window to choose from a list of pre-populated issues.
3. There was a way to add/edit/delete the pre-populated issues from item #2.
We don’t maintain this extension, but we’ll pass along these suggestions to the author. Hopefully the extension source will soon be available and welcoming contributions.
We’ve added the ability to add scan issues to the extender API. So you can use an extension – either “Manual Scan Issues” or the newer “Add & Track Custom Issues”. We do intend to eventually have a native feature for this, although that’s not a priority at the moment.
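
As an added illustration (not code from this thread, from PortSwigger, or from either extension named above), here is a minimal extension using the extender API's `addScanIssue` call to record a selected request/response, such as an Intruder result, as a custom issue. The `ManualIssue` class, the menu text, and the issue wording, severity and confidence are assumptions chosen for the example.

```java
package burp;

import java.net.URL;
import java.util.Collections;
import java.util.List;
import javax.swing.JMenuItem;

// Hypothetical example: right-click a request (e.g. an Intruder result) to record it as an issue.
public class BurpExtender implements IBurpExtender, IContextMenuFactory {
    private IBurpExtenderCallbacks callbacks;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        callbacks.setExtensionName("Manual XSS issue (example)");
        callbacks.registerContextMenuFactory(this);
    }

    @Override
    public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
        IHttpRequestResponse[] selected = invocation.getSelectedMessages();
        if (selected == null || selected.length == 0) return Collections.emptyList();
        JMenuItem item = new JMenuItem("Add as manual XSS issue");
        item.addActionListener(e -> {
            for (IHttpRequestResponse msg : selected)
                callbacks.addScanIssue(new ManualIssue(msg, callbacks.getHelpers().analyzeRequest(msg).getUrl()));
        });
        return Collections.singletonList(item);
    }

    // Minimal IScanIssue that carries the selected request/response as evidence for the report.
    static class ManualIssue implements IScanIssue {
        private final IHttpRequestResponse msg;
        private final URL url;
        ManualIssue(IHttpRequestResponse msg, URL url) { this.msg = msg; this.url = url; }
        @Override public URL getUrl() { return url; }
        @Override public String getIssueName() { return "Cross-site scripting (manually confirmed)"; }
        @Override public int getIssueType() { return 0x08000000; } // value commonly used for extension-generated issues
        @Override public String getSeverity() { return "High"; }      // assumed rating for this example
        @Override public String getConfidence() { return "Certain"; } // assumed: finding was verified by hand
        @Override public String getIssueBackground() { return null; }
        @Override public String getRemediationBackground() { return null; }
        @Override public String getIssueDetail() { return "Confirmed manually with a custom payload; see the attached request and response."; }
        @Override public String getRemediationDetail() { return "Encode user-controllable data for the output context where it is reflected."; }
        @Override public IHttpRequestResponse[] getHttpMessages() { return new IHttpRequestResponse[] { msg }; }
        @Override public IHttpService getHttpService() { return msg.getHttpService(); }
    }
}
```

Compile it against the Burp extender API interfaces and load the resulting JAR from the Extender tab; issues added this way sit alongside the scanner's own findings and are included when a report is generated.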