Custom Scanner Checks

Chopicalqui edited this page Apr 2, 2022 · 1 revision

This tab exposes the IScannerCheck interface of the Burp Suite Extender API: the Python script entered here is registered with Burp as a custom Scanner check. During a scan, Burp Suite Professional asks the check to perform active or passive scanning of the base request and reports any Scanner issues the check identifies.

The Python script must implement the following three methods; for details on their semantics refer to the IScannerCheck specification.

```python
def do_passive_scan(message_info, session):
    """
    The Scanner invokes this method for each base request / response that is
    passively scanned. Note: Extensions should only analyze the HTTP messages
    provided during passive scanning, and should not make any new HTTP
    requests of their own.

    :param message_info (IRequestResponse): The base HTTP request / response
    that should be passively scanned.
    :param session (dict): The dictionary allows storing information across
    method calls.
    :return: A list of IScanIssue objects, or None if no issues are identified.
    """
    print("Passive Scan")
    return None

def do_active_scan(message_info, insertion_point, session):
    """
    The Scanner invokes this method for each insertion point that is actively
    scanned. Extensions may issue HTTP requests as required to carry out
    active scanning, and should use the IScannerInsertionPoint object provided
    to build scan requests for particular payloads.
    Note:
    Scan checks should submit raw non-encoded payloads to insertion points,
    and the insertion point has responsibility for performing any data
    encoding that is necessary given the nature and location of the insertion
    point.

    :param message_info (IRequestResponse): The base HTTP request / response
    that should be actively scanned.
    :param insertion_point (IScannerInsertionPoint): An object that can be
    queried to obtain details of the insertion point being tested, and can be
    used to build scan requests for particular payloads.
    :param session (dict): The dictionary allows storing information across
    method calls.
    :return: A list of IScanIssue objects, or None if no issues are identified.
    """
    print("Active Scan")
    return None

def consolidate_duplicate_issues(existing_issue, new_issue):
    """
    The Scanner invokes this method when the custom Scanner check has
    reported multiple issues for the same URL path. This can arise either
    because there are multiple distinct vulnerabilities, or because the same
    (or a similar) request has been scanned more than once. The custom check
    should determine whether the issues are duplicates. In most cases, where
    a check uses distinct issue names or descriptions for distinct issues,
    the consolidation process will simply be a matter of comparing these
    features for the two issues.

    :param existing_issue (IScanIssue): An issue that was previously reported
    by this Scanner check.
    :param new_issue (IScanIssue): An issue at the same URL path that has been
    newly reported by this Scanner check.
    :return: An indication of which issue(s) should be reported in the main
    Scanner results. The method should return -1 to report the existing
    issue only, 0 to report both issues, and 1 to report the new issue only.
    """
    return -1
```

Note: The session parameter passed to do_passive_scan and do_active_scan is a dict that persists across calls, so a check can use it to remember what it has already reported.
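As an added example (not part of this wiki page or the extension's own code), a passive check that reports missing security response headers once per host, using the session dict to suppress repeats and issue names to consolidate duplicates. The Burp objects are replaced by minimal constructed stand-ins so the script runs outside Jython; in the extension, message_info comes from Burp and the issue class would additionally subclass burp.IScanIssue.

```python
# Constructed stand-ins for the objects Burp hands to the check (assumption:
# only getHttpService().getHost() and getResponse() are used from message_info).
class HttpService:
    def __init__(self, host):
        self._host = host
    def getHost(self):
        return self._host

class MessageInfo:
    def __init__(self, host, response):
        self._service, self._response = HttpService(host), response
    def getHttpService(self):
        return self._service
    def getResponse(self):
        return self._response

class ScanIssue:
    """Minimal issue object exposing the IScanIssue getters the check relies on."""
    def __init__(self, name, detail, severity):
        self._name, self._detail, self._severity = name, detail, severity
    def getIssueName(self):
        return self._name
    def getIssueDetail(self):
        return self._detail
    def getSeverity(self):
        return self._severity

# Header name (lower-cased) -> Burp severity to report when it is absent.
REQUIRED_HEADERS = {"strict-transport-security": "Medium",
                    "x-content-type-options": "Low"}

def response_header_names(raw):
    """Return the lower-cased header names from a raw HTTP response (bytes)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return {line.split(":", 1)[0].strip().lower()
            for line in head.split("\r\n")[1:] if ":" in line}

def do_passive_scan(message_info, session):
    """Report each missing header once per host; session remembers what was reported."""
    host = message_info.getHttpService().getHost()
    reported = session.setdefault(host, set())
    present = response_header_names(message_info.getResponse())
    issues = []
    for header, severity in REQUIRED_HEADERS.items():
        if header not in present and header not in reported:
            reported.add(header)
            issues.append(ScanIssue("Missing %s header" % header,
                                    "%s does not set %s." % (host, header), severity))
    return issues or None

def consolidate_duplicate_issues(existing_issue, new_issue):
    """Identical issue names at the same path are duplicates: keep the existing one."""
    return -1 if existing_issue.getIssueName() == new_issue.getIssueName() else 0
```

do_active_scan is omitted here because it would need Burp's callbacks to send requests; in the extension it keeps the signature shown above.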