Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp API Support for Selecting Active Scanning Areas

Amit | Last updated: Jul 27, 2015 08:30AM UTC

Hi There, I was looking through the API and I couldn't find support for passing in values for Active Scanning Areas. So if I wanted an active scan to be performed with only some of these areas selected: sqlInjection osCommandInjection serverSizeCodeInjection xssReflected xssStored pathTraversalManipulation externalInteraction httpHeaderInjeciton xmlInjection soapInjection csrf openRedirection headerManipulation serverLevelIssues While the GUI allows this, I am unsure if the API supports this yet. I looked through the forum and found this note from March this year, which seems to suggest it's on the cards but not yet supported. https://support.portswigger.net/customer/portal/questions/11498225-additional-step-for-scanner-options-when-launching-active-scanner- Maybe I am mixing up two issues. Can you please clarify?

PortSwigger Agent | Last updated: Jul 28, 2015 08:55AM UTC

You can configure which areas will be scanned via the IBurpExtenderCallbacks methods saveConfig() and loadConfig(). If you call saveConfig(), you will obtain a map of config name->value. You can modify the contents of this map and then call loadConfig() to reload it. The relevant config names are: scanner.testinfodisclosure scanner.testheadermanipulation scanner.testCsrf scanner.testforms scanner.testLDAPinjection scanner.testcommandinjectioninformed scanner.testredirection scanner.testSQLinjectionerror scanner.testSQLinjectionmssql scanner.testSQLinjectionmysql scanner.testpathtraversal scanner.testSQLinjectionoracle scanner.testSQLinjectiontime scanner.testSQLinjection scanner.testparams scanner.testcookies scanner.testcaching scanner.testheaderinjection scanner.testcommandinjection scanner.testSQLinjectionboolean scanner.testcommandinjectionblind scanner.testexternalinteraction scanner.testlinks scanner.testclickjacking scanner.testserverissues scanner.testserversidecodeinjection scanner.testXMLSOAPinjection scanner.testreflectedXSS scanner.testserverissuespassive scanner.testmime scanner.testviewstate scanner.testheaders We are currently working on a new way of handling preferences which will propvide a much easier and more expressive way to update configs in the way that you want.

Burp User | Last updated: Oct 29, 2015 07:13PM UTC

Thank you.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.