Burp Suite User Forum

Scanner restarted a scan when another item has been cancelled

Manuel | Last updated: Jun 18, 2019 10:06PM UTC

I wanted to cancel a scan that I started earlier with one of the stock configurations in the library, "Audit coverage - thorough", so I right-clicked it in the "Audit items" tab inside the task and chose "Cancel". Some seconds after the scan was cancelled, the scanner restarted a random task that was stopped two months ago, without any warning or message. I can't really remember if its status was "Done" or "Cancelled" btw :(

Not sure how to replicate this, but I'm attaching a screenshot for the start/end time columns: https://i.imgur.com/SjLPEGm.png

This probably won't help you either, but I don't have any more information than the task numbers themselves: the new one I wanted to cancel was #8, the one that was automatically restarted was #4.

Patrick, PortSwigger Agent | Last updated: Jun 19, 2019 08:50AM UTC

Hi Manuel,

Thank you for reporting this issue. The behavior that you have described sounds very strange. Would you be able to answer a few additional questions?

1. Are you using the default resource pool? If not, were task #4 and task #8 in the same resource pool?
2. Do you remember the exact type of the two scan tasks? For example, were they both "Crawl and audit"?
3. Is the screenshot that you provided for audit items in task #4 or task #8?

Thank you,
Patrick

Patrick, PortSwigger Agent | Last updated: Jun 19, 2019 02:03PM UTC

Hi Manuel,

Thank you for getting back to me and apologies for taking so long to get back to you. I understand the symptoms that you are describing but unfortunately I'm unsure how we might fix the problem. This seems like a really good bug BTW. Is there any chance that you are able to reproduce the problem?

Thanks again,
Patrick

Burp User | Last updated: Jun 19, 2019 09:34PM UTC

Hi Patrick, and thanks for getting back to me.

First of all, I'm really sorry: I noticed I used the word "task" very improperly here, as I meant the audit items #4 and #8 in the audit items list tab, not the tasks in the Dashboard. So what restarted on its own was item #4, only seconds after item #8 was cancelled and the task details window was closed. (I noticed a repaint problem in this window, and audit item rows will not always update until I select them, so I didn't notice the item resumed the scan.)

I'm now pretty sure that item #4 RESUMED the scan, and didn't RESTART: I'm inferring this from the number of requests reportedly processed (18000+, 16 insertion points). This implies that task #4 was previously cancelled in April, and thus it didn't finish on its own, so it never performed all the queued requests. (Since I cannot see a resume option for cancelled tasks, I suppose it either restarted the scan and did not reset the requests counter column, or it [improbably] resumed for real.)

I currently have a total of 6 tasks enabled in this project; everything I talked about in the previous post happened in only one of them. This is the only task configured to perform the stock audit configuration "Audit coverage - thorough" straight from the library and never edited (default settings are fine). For this project I have 2 different resource pools, both configured as 10 max concurrent reqs with no delay: the task is using the default one and has never been changed (not even switched to another and then switched back to the default one). This task has been configured to perform the stock audit configuration from its creation, and never changed in any way.

Finally, the screenshot depicts the audit item #4 that restarted on June 18 and stopped on April 20.

Again, please forgive me for my very bad and unfortunate wording: being a developer myself, I would hate me much.

NOTE: it would be fantastic if I could provide you with the project file; unfortunately this is a sensitive target that will not authorize the disclosure of anything in any kind of form :(.