PROFESSIONAL

Adding custom scan checks

  • Last updated: September 14, 2023

  • Read time: 3 Minutes

You can create and import custom scan checks using BChecks. Burp Scanner runs these checks in addition to its built-in scanning routine, helping you to target your scans and make your testing workflow as efficient as possible.

BChecks are listed in a table in the Extensions > BChecks tab. Click on any BCheck in the table to preview the definition.

The table contains the following columns:

  • Enabled - Whether the BCheck is enabled. When you enable a BCheck, by default Burp Scanner will use it when you next perform an audit. Note that you can't enable BChecks that contain errors. These are identified by a warning icon .
  • Name - The name of the BCheck.
  • Author - The name of BCheck creator.
  • Tags - Any tags that are applied to the BCheck.

Note

The Name, Author, and Tags columns are automatically populated from the BCheck definition. To modify these, edit the BCheck definition directly. For more information on editing BChecks definitions, see BCheck definition reference and BChecks worked examples.

Managing BChecks

You can perform the following actions on your BChecks:

  • To enable or disable a BCheck, use the checkbox in the Enabled column.
  • To create a new BCheck, click New. For more information, see Creating BChecks.
  • To import BChecks from a folder or text file, click Import and select the relevant file. Files that you want to import should be in plain text format with the .bcheck extension.
  • To edit a BCheck definition, double-click the BCheck.
  • To remove BChecks, select the BChecks that you want to delete, then click .
  • To copy BChecks, select the BChecks that you want to copy, then click .
  • To search in the BChecks table, click Search.
  • To search within the BCheck definition, select the BCheck, then use the search bar below the definition preview. For more information on the quick search function, see Text editor - Quick search.

Note

You can also import and export BChecks as part of a project file. For more information, see Project files.

Testing BChecks

You can test your BChecks using the BS Code editor's built-in test function. When you run a test, Burp Scanner runs the BCheck on a group of pre-selected HTTP messages and reports the results.

Alternatively, you can test multiple BChecks at once by running a scan with the Audit checks - BChecks only built-in scan configuration selected. This scan uses your enabled checks only.

More information

Testing BChecks

Managing BChecks for a specific scan

You can prevent Burp from using BChecks when scanning. To do this:

  1. Open an audit scan configuration and expand the Issues reported section.
  2. Select Select individual issues.
  3. Deselect BCheck generated issue.

You can also specify whether Burp should run BChecks for passive scans, active scans, or both. To do this:

  1. Open an audit scan configuration and expand the Issues reported section.
  2. Select Select individual issues.
  3. Right-click BCheck generated issue, then select Edit detection methods.
  4. Select Passive checks and Active checks as required.

Related pages

Was this article helpful?