Burp Suite User Forum

Generating same issues again

Karan | Last updated: Feb 25, 2019 07:30AM UTC

Hi, I did the setup of a project and after running the Active scan I got the issues in the Issue Activity tab of Burp Suite and I generated the report of the same. Now, after a few days, I ran the same scan again and I realized Burp Suite hasn't reported the issues which were reported earlier. So now my question is: if I have to run the same scan every month, how will I see the same issues for that scan? Because it will be very difficult for me to identify whether the issues are fixed or they are already present in the first scan.

Liam, PortSwigger Agent | Last updated: Feb 25, 2019 10:18AM UTC

Karan, are you running the scan on the same site map or running the crawl again before scanning? Were there any issues in the event log when you performed the scan? Which version of Burp are you using?

Burp User | Last updated: Feb 25, 2019 12:06PM UTC

Yes, I am running the scan on the same site map. Should I delete all the issues before starting the scan? Yes, there were issues when I first ran the scan. I have version v1.7.

Liam, PortSwigger Agent | Last updated: Feb 25, 2019 02:20PM UTC

You could use a new project rather than deleting all issues. Burp Pro isn't really designed for this use case; we have created an enterprise product for comparing scan deltas. We are happy to offer trial licenses to businesses that have not used Burp Suite Enterprise Edition before: https://portswigger.net/requestfreetrial/enterprise

Burp User | Last updated: Feb 25, 2019 02:47PM UTC

So every time I have to run a new scan on my website, I should configure it in a new project? Running the scan on the same site map will not solve my purpose, as it will not give me the same issues again? Is my understanding correct?

Liam, PortSwigger Agent | Last updated: Feb 25, 2019 02:56PM UTC

You could load the same site map into a new project each time and run an identical scan. You could then manually compare the results.

Burp User | Last updated: Feb 25, 2019 03:16PM UTC

Thanks for your reply, mate. But one thing still remains unanswered: why Burp Suite does not give the same issues in the Issue Activity tab on the next scan, as we need to generate the report for every scan.

Liam, PortSwigger Agent | Last updated: Feb 25, 2019 03:20PM UTC

Differences in scan results can occur for various reasons – changes in the application code, intermittent network failures, different application data/state causing different crawl paths or issues being observed. We can probably help you more if you identify specific issues that are changing. You might need to examine the details of the issues affected, to understand why the differences are arising. You could also try tuning the Scanner engine. In general, using fewer threads increases determinism by reducing side-effects on the server side due to concurrent access/updates.
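The manual comparison of two scans suggested in this thread, and the step of identifying which specific issues are changing, can be scripted against the XML reports exported from each project. The following is an added example, not code from PortSwigger or from any poster here; the element names assume Burp's XML issue report layout, and the two reports and the host `shop.example` are constructed samples.

```python
import xml.etree.ElementTree as ET

# Constructed sample reports (not real scan output), trimmed to the elements used.
BASELINE_XML = """<issues>
  <issue><serialNumber>101</serialNumber><type>1049088</type><name>SQL injection</name>
    <host>https://shop.example</host><path>/search</path>
    <location>/search [q parameter]</location><severity>High</severity></issue>
  <issue><serialNumber>102</serialNumber><type>2097920</type>
    <name>Cross-site scripting (reflected)</name>
    <host>https://shop.example</host><path>/profile</path>
    <location>/profile [name parameter]</location><severity>High</severity></issue>
</issues>"""

RESCAN_XML = """<issues>
  <issue><serialNumber>977</serialNumber><type>1049088</type><name>SQL injection</name>
    <host>https://shop.example</host><path>/search</path>
    <location>/search [q parameter]</location><severity>High</severity></issue>
  <issue><serialNumber>978</serialNumber><type>5244416</type>
    <name>Cookie without HttpOnly flag set</name>
    <host>https://shop.example</host><path>/login</path>
    <location>/login</location><severity>Low</severity></issue>
</issues>"""

def load_issues(report_xml):
    """Map (type, host, path, location) -> (name, severity) for every issue."""
    issues = {}
    for issue in ET.fromstring(report_xml).iter("issue"):
        def field(tag):
            return (issue.findtext(tag) or "").strip()
        # serialNumber differs between scans, so it is not part of the key.
        key = (field("type"), field("host"), field("path"), field("location"))
        issues[key] = (field("name"), field("severity"))
    return issues

def compare_scans(baseline_xml, rescan_xml):
    """Split issue keys into the three groups needed for a monthly report."""
    old, new = load_issues(baseline_xml), load_issues(rescan_xml)
    return {
        # Absent from the rescan: a candidate fix, but check coverage first,
        # since a failed request or different crawl path also lands here.
        "not_reported_again": sorted(old.keys() - new.keys()),
        "still_present": sorted(old.keys() & new.keys()),
        "newly_reported": sorted(new.keys() - old.keys()),
    }

if __name__ == "__main__":
    for group, keys in compare_scans(BASELINE_XML, RESCAN_XML).items():
        print(group)
        for issue_type, host, path, location in keys:
            print(f"  {host}{path}  type={issue_type}  {location}")
```

For real reports, read each exported file into a string (or adapt `load_issues` to use `ET.parse`) and keep the baseline file from the first scan as the reference for later months.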
