Burp Suite User Forum

Active scanning – Items with no parameters

Fabio | Last updated: Feb 01, 2016 03:09PM UTC

When doing an active scan, there is an option to remove items with no parameters. What are these URL parameters? Should we scan them or not necessarily?

Liam, PortSwigger Agent | Last updated: Feb 01, 2016 03:16PM UTC

Hi Fabio,

Thanks for your message. The active scan wizard gives you the option to remove items with no parameters, thereby enhancing the speed of your testing. However, this option should not necessarily be used automatically, because items with no parameters are normally fast to scan, and may still contain interesting bugs that can only be found via the active scanner. We would only recommend removing these items if you really need to speed up the speed of your scanning.

Please let us know if you need any further assistance.

Burp User | Last updated: Feb 01, 2016 03:41PM UTC

Thank you for the reply. What are these URL parameters exactly? Are they part of a form or something else?

Liam, PortSwigger Agent | Last updated: Feb 01, 2016 03:42PM UTC

URL parameters are what you see in the query string. An example of an item without parameters would be a request with no parameters in the URL. However, the request may still contain cookies that it may be prudent to scan. E.g.

With parameters: GET /WackoPicko/admin/index.php?page=login HTTP/1.1
Without parameters: GET /WackoPicko/admin/ HTTP/1.1

Burp User | Last updated: Feb 01, 2016 04:07PM UTC

So parameters are any values passed with the URL for the page's server, for things like forms. And URLs without parameters are static pages only, or they can be dynamic pages as well?

Liam, PortSwigger Agent | Last updated: Feb 01, 2016 04:33PM UTC

Web applications can use any part of the HTTP query string as parameters. Any page can be dynamic, although web applications without parameters are less likely to be dynamic. You can read more about HTTP parameters here - http://www.tutorialspoint.com/http/http_parameters.htm.
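
The distinction drawn in the replies above, as an added example that is not part of the original thread and is not Burp's own logic: a small Python triage that lists the inputs each request carries and flags requests with no URL or body parameters that still send cookies. The host name, the Cookie header and the third request are constructed, and treating query-string and URL-encoded body fields as "parameters" is an assumption.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qsl

# Constructed samples: the first two request lines are the ones quoted in the
# thread; the Host/Cookie headers and the third request are made up.
SAMPLE_REQUESTS = [
    "GET /WackoPicko/admin/index.php?page=login HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "GET /WackoPicko/admin/ HTTP/1.1\r\nHost: example.test\r\n"
    "Cookie: PHPSESSID=abc123; theme=dark\r\n\r\n",
    "GET /WackoPicko/css/style.css HTTP/1.1\r\nHost: example.test\r\n\r\n",
]

def inventory(raw):
    """Return the path and the input names found in query, form body and cookies."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    query = [k for k, _ in parse_qsl(url.query, keep_blank_values=True)]
    form = []
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = [k for k, _ in parse_qsl(body, keep_blank_values=True)]
    cookies = list(SimpleCookie(headers.get("cookie", "")).keys())
    return {"path": url.path, "query": query, "body": form, "cookies": cookies}

def triage(raw):
    """Classify one request for the 'remove items with no parameters' decision."""
    inv = inventory(raw)
    if inv["query"] or inv["body"]:
        return "has-parameters"
    if inv["cookies"]:
        # No URL/body parameters (assumed definition), but cookies are still input.
        return "no-parameters-but-cookies"
    return "no-inputs-found"

if __name__ == "__main__":
    for raw in SAMPLE_REQUESTS:
        inv = inventory(raw)
        print(f"{triage(raw):28} {inv['path']}  cookies={inv['cookies']}")
```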
