When starting a new scan with the exact same URLs, all the request-level checks run, but host-level checks do not. It works correctly as described, but only with the first scan of these hosts. The host-level checks absolutely should run once per host, that's their main difference from request-level checks, but the issue is that the host-level checks do not run again with a new scan, even though request-level checks do when scanning the exact same requests/URLs.Īs an example, when entering the following URLs to scan:Ī host-level check should run once for and once for while request-level checks should run for all four URLs. Not that there was any confusion on your part, but I just want to clarify one thing for other readers since the title and my first post are not that clear. ) depending on the entered URL to scan ( vs ). Namely the if condition that prevents a double slash (e.g. There should be some better solution to this: I know you can right click a request in the proxy or repeater, select scan and then there's an option to "audit selected items", but I want to be able to enter URLs to scan manually.Ģ. There should be a third option called "Audit (only)". I just want to run my BChecks and don't care about crawling, but when clicking "New Scan" on the Dashboard, the only options are "Crawl and audit" and "Crawl". Slightly off-topic, but some additional feedback regarding BChecks.ġ.
Burp Suite Navigation Recorder is a Chrome extension that enables you to record.
Burp suite extensions for free#
Access the full title and Packt library for free now with a free trial.
Burp suite extensions how to#
To me this is a bug that should be fixed, all the checks should run again when starting a new scan. Improve your Burp Suite scan coverage by manually capturing how to perform complex actions on your website. Hands-On Application Penetration Testing with Burp Suite More info and buy Youre currently viewing a free sample. Currently, a workaround is to close and reopen Burp, then the scanner will run the checks again.
If you delete an issue found by a host-level check and then run the scan again, it should discover the issue again (as long as it's still present), but it doesn't, because it doesn't perform any of the checks again. However, I would expect the checks to run again when starting a new scan for the same host. It is an example of a per-host check (_that is, a check that runs once for each host scanned_)." From the example host check documentation: "This check enables Burp Scanner to see whether the target application exposes a Git directory. I found that host-level BChecks only run once per host, which according to the documentation might be intentional. I tried experimenting with the new BChecks feature in Burp 2023.6.
0 kommentar(er)
