Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

auto scan pre-populated site map

hong | Last updated: Jan 25, 2017 06:03PM UTC

Hi, I have built a site map for a host that I am interested. I would like to scan this site map automatically (without spidering it before scanning) I am thinking to build an extender that will do following: (1) start burp with extension loaded and site map loaded (2) get pre-populated site map, for each url, send to active scan (3) start active scan for those urls (4) generate scan report for all the issues I am having trouble at step #2. The function getSiteMap() return empty. Any help is appreciated!

PortSwigger Agent | Last updated: Jan 26, 2017 09:17AM UTC

What code are you running to fetch the current site map? How are you starting Burp with "site map loaded"? Is the content loaded before your extension code executes?

Burp User | Last updated: Jan 26, 2017 07:56PM UTC

when I load the burp v1.7.16, the GUI asks me to select project file, so I select the one that has site map The extension will be loaded since I have "automatically reload extensions on startup" checked under the Extender option. Not sure which one will get executed first, site map, or extension.

PortSwigger Agent | Last updated: Jan 27, 2017 09:00AM UTC

Thanks. If you are reopening a project with the site map already there, then the data will all be present before your extension loads. Maybe you're doing something wrong in your code. You can email support@portswigger.net with your code if you want us to take a look.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.