This extension allows custom scan issues to be added and tracked within Burp. Burp adds issues that it finds from active and passive scans,
but does not allow custom issues to be created or tracked. Custom issues can now be created from different tabs within Burp by right-clicking
and selecting "Add & Track Custom Issue".
The recommended place to create a custom issue is within the Target tab:
Select a target to create a custom scan issue for.
Right-click in the Site Map, Contents, or Issues section to display the context menu.
From the context menu, select "Add & Track Custom Issue".
Information will automatically be filled in including the protocol, host, port, path, request, and response.
The issue name, severity, confidence, issue detail, issue background, remediation detail, and remediation background can then be filled in.
The Issue Selection tab allows predefined issues to quickly be selected, which will populate the issue name, severity, confidence, issue detail, issue background, remediation detail, and remediation background.
If selecting a predefined issue, it is recommended to update the Issue Detail and to add information to the Remediation Detail that ties the new issue to the predefined Issue Background and Remediation Background.
Once all of the needed information is filled in, click the "Add & Track Custom Issue" button to add the custom issue to the scan issues.
Each new issue that is added to the scan issues will also be added to the issue selection table. This table can be exported to CSV or JSON formats, and can later be imported for future scans.
Issues can also be added from the extension's main tab. If no issue is selected in the issue table, a new blank issue can be created.
If an issue is selected in the issue table, a new issue based on the selected issue can be created.
James Morris (@jamesm0rr1s), Central InfoSec
03 March 2020
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
You can view the source code for this BApp by visiting our GitHub page.