Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Duplicate type IDs?

Dave | Last updated: Mar 05, 2015 12:38PM UTC

Hey, I'm not sure if this is a bug or standard functionality, but some clarification would help. In recent releases we've seen some type IDs that are the same for different issues. <type>134217728</type> <name>Content Sniffing not disabled</name> <type>134217728</type> <name>Browser cross-site scripting filter misconfiguration</name> <type>134217728</type> <name>Strict Transport Security Misconfiguration</name> I guess the question is: should type be considered unique to a single check/result, or can it be used to group related items together? (in this case, they seem related to "configuration issues"). If so, presumably you guys don't publish a unique identifier for a given, specific, test case? (i.e. something to uniquely identify "Strict Transport Security Misconfiguration"). I know the serial number is output for result uniqueness, but that's for a specific instance of a result (of which there could be many). Any feedback would be greatly appreciated :) Thanks, Dave.

Burp User | Last updated: Mar 05, 2015 02:28PM UTC

As confirmed by the awesome folks in support, the identifier value in question relates to extension-generated issues that use a common extension-generation type identifier. Many thanks, Dave.

PortSwigger Agent | Last updated: Mar 05, 2015 02:50PM UTC

Thanks Dave. As he stated, the type field in the XML is indeed unique for each different type of Burp’s native issues, But all extension-generated types have the same type identifier, which is listed as “Extension-generated issue”. One solution would be to specifically handle this issue type differently, and use the issue name field as a sub-type to differentiate different extension-generated issues.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.