Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Is there a way to disable the Handling Application Errors During Audit?

blake.balick-schreiber | Last updated: Mar 13, 2019 01:08PM UTC

Hi, I have run into an issue where Burp will pause the Scanner if there are too many failures. I am running Burp with an extension I wrote from the command line so I need a way to disable it via the command line, such as in the project or user config. Is this possible? Thanks

Burp User | Last updated: Mar 13, 2019 01:12PM UTC

Forgot to add, these are the errors I am seeing: Proxy: Authentication failure from localhost Proxy: Authentication failure from localhost Proxy: Authentication failure from localhost Proxy: Authentication failure from localhost Extender: java.net.SocketException: Connection reset Extender: java.net.SocketException: Connection reset Extender: Failed to connect to localhost Extender: Failed to connect to localhost Extender: Failed to connect to localhost Extender: Failed to connect to localhost Extender: Failed to connect to localhost Task 3: Paused due to error: 11 consecutive audit items have failed. Task 3: Paused due to error: 11 consecutive audit items have failed.

PortSwigger Agent | Last updated: Mar 13, 2019 01:52PM UTC

If you start a scan manually, you can select the scan configuration "Never stop audit due to application errors". It's not possible to specify a scan configuration if you use callbacks.doActiveScan() in the Extender API. However, if you use the REST API it is possible to specify a configuration, and I recommend you do that. In the future we will upgrade the Extender API.

Burp User | Last updated: Apr 02, 2019 07:42PM UTC

Thanks for this, I have started to rework my code to use a custom scan config. However, I am having trouble creating the correct JSON request for this endpoint and the documentation is lacking to say the least. Is there anyway someone could provide an example JSON or complete request to this endpoint?

PortSwigger Agent | Last updated: Apr 03, 2019 09:26AM UTC

Glad you got it sorted. You can generate JSON for the REST API using the interactive query builder. Just access the API URL in the browser and you'll see it.

Burp User | Last updated: Apr 03, 2019 02:23PM UTC

I actually figured it out. Thanks!

Christian | Last updated: Sep 19, 2023 09:37AM UTC

I dont see "Never stop audit due to application errors" option. Only: if 2 consecutive audit checks fail... if 2 consecutive insetio points fails... Pause the task if: 60 consecutive audit items fail [] % of audit items fail

Dominyque, PortSwigger Agent | Last updated: Sep 19, 2023 09:55AM UTC

Hi Christian That audit option refers to the 'Pause the task if' area. Using '0' is an invalid value, so you can set a ridiculously high number for the 'consecutive audit items fail,' for example, 999999, to ensure the audit is not stopped/paused based on errors. https://portswigger.net/burp/documentation/scanner/scan-configurations/burp-scanner-built-in-configs#:~:text=Never%20stop%20audit%20due%20to%20application%20errors&text=When%20scanning%20with%20this%20configuration,10%20consecutive%20audit%20items%20fail.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.