Viewing and analyzing issue details
Last updated: December 6, 2021
Wherever an issue is shown in Burp Suite Enterprise Edition, you can click on it to open the issue details. If there is more than one URL listed for the given issue, you need to click on the specific URL where the issue that you want to investigate was found.
The issue details page contains the following tabs.
This tab shows the key information about the issue, such as its severity and the scanner's confidence that the issue is present. The host and URL path where the issue was found are also displayed.
You can expand the collapsible headings to see more detailed information about how the issue was found, a summary of the background for this type of issue, and some general remediation suggestions.
If you are certain that this issue is a false positive, you can mark it as such by clicking the "Mark as false positive" button.
If an issue was found by an extension, you will be informed of this here.
Requests and responses
For each issue, tabs are shown for the HTTP requests and responses where the issue was found. Depending on the issue, there might only be one request and one response, or there might be a series of several interconnected requests and responses that lead to the issue.
Key parts of each request and response, such as a payload injected by the scanner and the string or regex in the response that confirms this vulnerability, are highlighted in red to help you analyze the issue.
If your administrator has configured an integration with Jira, you can create a Jira ticket linked to this issue.
This tab shows the values that were injected into a given source and the values that subsequently reached a sink. Stack traces at both the source and the sink are also included.
Wherever possible, the dynamic analysis also generates a proof of concept that you can use to reproduce the issue manually.