Improve automated and semi-automated active scanning in Burp Pro

Overview

PentagridScanController

Improve automated and semi-automated active scanning for BurpSuite

Author: Tobias "floyd" Ospelt, @floyd_ch, http://www.floyd.ch

Pentagrid AG, 5#, https://www.pentagrid.ch

Improve Automated and Semi-Automated Active Scanning

Active Scanning often does things that don't make much sense, such as scanning GET requests to static .js files or scanning non-repeatable requests. This extension allows you to filter and preprocess requests according to your needs. It tries to check whether a request is repeatable or not. If a request is not repeatable, it tries to make it repeatable by injecting Hackvertor tags. The extension doesn't try to be perfect, but useful. It cuts corners and in some cases simply doesn't scan certain requests. However, the extension individually displays and explains all decisions, allowing you to change the settings if you don't like the behavior. It's a better "Actively scan all in-scope traffic through Proxy".
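The decision flow described above, written out as an added example that is not the PentagridScanController code itself (the extension is a Java Burp extension; this is a stand-alone Python model of the same logic): static resources and out-of-scope hosts are skipped, every other request is sent twice to test repeatability, and a non-repeatable request has its volatile query parameters replaced with a Hackvertor tag so that Hackvertor regenerates them on every scan request. The list of volatile parameter names, the `FakeServer` target, the sample requests and the `<@timestamp/>` tag syntax are constructed assumptions for the demo, not values taken from the extension.

```python
"""Model of the README's triage rules: filter, repeatability check, Hackvertor rewrite.
Added example; not part of the PentagridScanController project."""
import difflib
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# GET requests for these extensions are not worth active scanning (constructed list).
STATIC_EXTENSIONS = {".js", ".css", ".png", ".jpg", ".gif", ".svg", ".woff", ".woff2", ".ico"}
# Parameter names assumed to carry a per-request value (constructed list; extend to taste).
VOLATILE_NAMES = re.compile(r"^(ts|timestamp|nonce|_|cb|cachebuster)$", re.IGNORECASE)
# Hackvertor tag assumed to expand to the current time when Burp sends the request.
HACKVERTOR_TIMESTAMP = "<@timestamp/>"
SIMILARITY_THRESHOLD = 0.95  # two responses this similar count as "same response"


@dataclass
class Decision:
    scan: bool       # send to the active scanner?
    reason: str      # the explanation shown to the user
    request: str     # the request to scan, possibly rewritten with Hackvertor tags


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def is_static(method, target):
    """A GET for a path ending in a static-file extension."""
    path = urlsplit(target).path
    dot = path.rfind(".")
    return method == "GET" and dot != -1 and path[dot:].lower() in STATIC_EXTENSIONS


def is_repeatable(resp_a, resp_b):
    """Same status code and near-identical body on two sends of the same request."""
    (status_a, body_a), (status_b, body_b) = resp_a, resp_b
    if status_a != status_b:
        return False
    return difflib.SequenceMatcher(None, body_a, body_b).ratio() >= SIMILARITY_THRESHOLD


def inject_hackvertor_tags(raw):
    """Replace the value of every volatile query parameter with a Hackvertor tag.
    Returns the request unchanged if no volatile parameter is present."""
    head, sep, body = raw.partition("\r\n\r\n")
    request_line, *rest = head.split("\r\n")
    method, target, version = request_line.split(" ", 2)
    parts = urlsplit(target)
    replaced, params = False, []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if VOLATILE_NAMES.match(name):
            value, replaced = HACKVERTOR_TIMESTAMP, True
        params.append((name, value))
    if not replaced:
        return raw
    # keep the tag characters unencoded so Hackvertor still recognises the tag
    new_query = urlencode(params, safe="<@/>")
    new_target = urlunsplit(parts._replace(query=new_query))
    return "\r\n".join([f"{method} {new_target} {version}", *rest]) + sep + body


def decide(raw, in_scope, send):
    """Apply the filters, then the repeatability check, then the rewrite; explain each outcome."""
    method, target, headers, _body = parse_request(raw)
    if not in_scope(headers.get("host", "")):
        return Decision(False, "host not in scope", raw)
    if is_static(method, target):
        return Decision(False, "GET for a static resource", raw)
    if is_repeatable(send(raw), send(raw)):
        return Decision(True, "repeatable as-is", raw)
    rewritten = inject_hackvertor_tags(raw)
    if rewritten != raw:
        return Decision(True, "not repeatable; volatile parameters replaced with Hackvertor tags", rewritten)
    return Decision(False, "not repeatable and no volatile parameter recognised", raw)


class FakeServer:
    """Constructed stand-in for the target: a timestamp value is accepted only once."""
    def __init__(self):
        self.seen = set()

    def __call__(self, raw):
        _method, target, _headers, _body = parse_request(raw)
        params = dict(parse_qsl(urlsplit(target).query))
        if "ts" in params:
            if params["ts"] in self.seen:
                return 400, '{"error":"stale timestamp"}'
            self.seen.add(params["ts"])
            return 200, '{"status":"accepted"}'
        return 200, "<html>page for " + target + "</html>"


# Constructed sample requests as the proxy would have recorded them.
STATIC_JS = "GET /static/app.js HTTP/1.1\r\nHost: shop.example\r\n\r\n"
PROFILE = "GET /account/profile?id=7 HTTP/1.1\r\nHost: shop.example\r\n\r\n"
ORDER = ("POST /api/order?ts=1700000000&id=5 HTTP/1.1\r\nHost: shop.example\r\n"
         "Content-Type: application/x-www-form-urlencoded\r\n\r\nqty=1")
OFF_SCOPE = "GET /track?id=7 HTTP/1.1\r\nHost: cdn.other.example\r\n\r\n"


def run_demo():
    """Triage the four sample requests against the fake target; returns name -> Decision."""
    server = FakeServer()
    in_scope = lambda host: host == "shop.example"
    samples = {"static_js": STATIC_JS, "profile": PROFILE, "order": ORDER, "off_scope": OFF_SCOPE}
    return {name: decide(raw, in_scope, server) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, decision in run_demo().items():
        print(f"{name:10} scan={decision.scan!s:5} reason={decision.reason}")
```

The repeatability probe costs two extra requests per candidate, which is the trade the README describes: a little traffic up front to avoid feeding the scanner requests whose second attempt would only ever produce errors. A real implementation would also look at POST bodies and headers for volatile values and should normalise timestamps and request IDs out of the response bodies before comparing them, otherwise a page that echoes the current time is wrongly classified as non-repeatable.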

Requirements

This extension uses Hackvertor tags. Make sure Hackvertor is installed and active.

Compiling

gradle clean build jar

How to use this extension

Usage is very simple:

  • Add the website you test to the scope
  • Enable "Proxy requests" in the tab/section "Scan - Options - Requests to process"
  • Browse the web application (proxy) by using the Burp builtin browser.
  • Check back on the $tabName tab and see which requests have been actively scanned. Check those that have a high "Interesting" rating but haven't been scanned ("Scanned" column set to false)
  • See the Dashboard for Active Scan findings
  • It's always good to sort by the reason column in the UI and check the different reasons.

Performance discussion

The extension improves performance by not sending every request to the active scanner.

Ideas for future improvements

Let me know if you think of any other improvements in the issues tab.

Comments
  • [Feature Request] Custom Burp Scan configurations

    Hi,

    Firstly thanks for the tooling :)

    While trying out the extension I noticed that currently it uses the default Burp scan configurations, whereas if we launch a scan manually it allows us to choose from inbuilt or custom Burp scan configurations before the scan.

    What it majorly helps with is to make the scanner more efficient and lowers the number of requests sent to the server. For example I am not interested in Flash-related findings, hence those checks are disabled in my custom scan configuration and hence it never would have checked for it.

    So I think it would be a great feature to allow users to configure this in the options tab under the Scan Configuration heading, allowing them to choose the scan configuration.

    -- Regards, @bugbaba

    opened by bugbaba 1
  • Feature Enhancement - Aggregate Parameters Scanned

    Hi,

    Just watched your talk from earlier in the year and I have been dealing with PortSwigger support on similar issues. Controller looks like a great answer to some of my issues. While Controller will reduce duplication at the request level, Burp's selection of injection points is still a bugbear for optimal scanning. While there are definitely advantages in scanning the same headers and parameters on different requests, it would be good if there was a way to report on and de-duplicate at the injection point level. Just some report of what was being scanned would help identify injection points missed by the default scanner so they can be manually added and scanned. From your experience with Controller, how feasible would it be to collate and report on the injection points being scanned and optimize those injection points into the scanner?

    I ask as I find myself constantly using 'manually send to scanner' due to the large number of parameters and requests involved in complex applications. For an initial scan it isn't a good use of time to be scanning headers and cookies over and over again in different requests. I've had tickets open with PortSwigger as their de-duplication doesn't appear to work as per the documentation. I've been thinking of writing a tool to do this myself and it seems like Controller might be the correct place for this capability also.

    opened by AkikoOrenji 1
Releases(0.1)
Owner
Pentagrid AG
Pentagrid performs technically solid IT security assessments.
Pentagrid AG