BApp details: Manual Scan Issues
This extension allows users to manually create custom issues within the Burp Scanner results.
Burp does a great job of finding issues, but it can't find everything. There are some tasks that must be completed by a user. With this extension, you can add an issue with all of the same properties as a native Burp issue. There are three tabs available:
- The "General" tab contains all of the basic information about the issue: the issue name, detail, background, remediation background, remediation detail, url, port, confidence, severity, and protocol.
- The "HTTP Request" tab contains an editor that houses the HTTP request of the custom issue.
- The "HTTP Response" tab contains an editor that houses the HTTP response of the custom issue.
- Select the target that requires a custom issue.
- In the Contents or Issues section of the selected target, right click to show the context menu.
- From the context menu select "Add Issue".
- Enter custom data into the relevant fields. The extension will auto-fill the "URL" and "Port" data fields with the selected target's url and port.
- Once all of the data has been entered, click the "Import Finding" button.
- A custom issue has been added to your target.
|Author||Joshua Smith & Benjamin Wireman, Dynetics|
|Last updated||23 May 2017|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.