Multi step scan automatization
I am testing a multistep form application.
I want to scan a parameter (for XSS injection) which is taken as input in step 3 and printed out to the screen at step 5. Can Burp understand that it has just injected something in that parameter? And how do I do that?
Yes, Burp aims to detect stored XSS, and this capability is improved in Burp 2. There’s some more information here: https://portswigger.net/blog/improved-detection-of-stored-input
It is difficult for automated scanners to find some variants of stored XSS, so this is an area where doing some additional manual testing can be really helpful.
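
One way to do the manual check mentioned above, as an added example (not part of the original thread, and not Burp's own detection logic): submit a unique marker wrapped around HTML-special characters at the input step, then search later steps for that marker and see whether the characters came back encoded. The parameter name `nickname`, the helper names and the response bodies are assumptions constructed for illustration.

```python
import html
import re
import secrets

PROBE_CHARS = "<>\"'"  # characters that must be encoded in HTML output


def make_canary():
    """Return (token, value): a unique token and the probe value to submit."""
    token = "cnry" + secrets.token_hex(4)
    return token, f"{token}{PROBE_CHARS}{token}"


def classify(body, token):
    """Return (status, raw_chars) describing how the probe came back in body."""
    m = re.search(re.escape(token) + r"(.*?)" + re.escape(token), body, re.S)
    if m is None:
        # Token missing entirely, or only one copy survived (value was cut).
        return ("absent" if token not in body else "altered", "")
    between = m.group(1)
    # Any probe character present literally was not output-encoded.
    raw = "".join(c for c in PROBE_CHARS if c in between)
    if raw:
        return ("raw", raw)
    if html.unescape(between) == PROBE_CHARS:
        return ("encoded", "")
    return ("altered", "")  # stripped or rewritten by a filter


def trace(canaries, responses):
    """canaries: {param: token}; responses: {step: body}. List every sighting."""
    findings = []
    for step, body in responses.items():
        for param, token in canaries.items():
            status, raw = classify(body, token)
            if status != "absent":
                findings.append((param, step, status, raw))
    return findings


def demo():
    """Constructed flow: value submitted at step 3, shown again at step 5."""
    token, value = make_canary()
    responses = {  # constructed bodies standing in for later steps
        4: "<form><input name=address></form>",
        5: f"<h1>Summary</h1><td>{value}</td>",
    }
    return trace({"nickname": token}, responses)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A `raw` result at a later step is the case to examine by hand; `encoded` means the output step escaped the value for an HTML text context.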