Improved detection of stored input

Dafydd Stuttard | 09 August 2018 at 16:29 UTC
MoBP Burp Suite

Burp Scanner is already capable of detecting when applications store input from one request and return it in the response to another request. When storage and retrieval of input is detected, Burp then checks for a number of second-order issues, such as SQL injection and cross-site scripting.

However, Burp's current capability has two key limitations:

The new multi-phase scanning model largely removes these limitations and greatly improves Burp's detection of stored input. Active scanning is split into the following distinct phases, and each phase is completed for all items before starting the next phase:

This phased delivery of the different audit tasks removes the dependency on the order in which items are scanned, and reduces the likelihood that stored data is overwritten by other activity before it is observed.