Hannah-PortSwigger
commented
3 months ago Hi @Hipapheralkus
Is the BCheck you are referring to this one?
Open Hipapheralkus opened 3 months ago
Hannah-PortSwigger
commented
3 months ago Hi @Hipapheralkus
Is the BCheck you are referring to this one?
Hipapheralkus
commented
3 months ago @Hannah-PortSwigger yes, that is the one:)
Hannah-PortSwigger
commented
3 months ago Thanks for confirming!
You could include some blacklisting or whitelisting through the use of an if... then.
We'd love for the BChecks repo to be community-led so if you (or anyone else) have any improvements or suggestions, a pull request would be awesome!
JaveleyQAQ
commented
3 months ago Scanning static files is inevitable because the scanner does not support suffix scan filter ðŸ˜
Hannah-PortSwigger
commented
3 months ago @JaveleyQAQ if there's some additional functionality you would like to be added, could you please raise this as a separate issue or drop us an email at support@portswigger.net?
This is so that we can make sure we have the appropriate feature request raised, and we're tracking the number of people that are interested in that functionality 🙂
JaveleyQAQ
commented
3 months ago @JaveleyQAQ if there's some additional functionality you would like to be added, could you please raise this as a separate issue or drop us an email at support@portswigger.net?
This is so that we can make sure we have the appropriate feature request raised, and we're tracking the number of people that are interested in that functionality 🙂
I believe adding this feature is necessary, and I'm not sure if most people who use Burp only use the interception feature and overlook the scanner. You should create a new feature request channel on Discord, where users can initiate polls or use reactions to gauge interest. To be honest, I dislike sending emails as it feels too formal and lacks interactivity.
Hannah-PortSwigger
commented
3 months ago Hi @JaveleyQAQ
Unfortunately, we don't have a good way of linking conversations in Discord to our internal systems for tracking feature requests and bug reports, which is why we recommend that you drop us a quick email. Alternatively, you can post in our public Support forum. This is so that we can accurately track the number of users associated with tickets, which means we can update you when something goes live. If we need any further information, we can get back to you quickly and easily. Often, we might request your diagnostics information, which can contain information that you may not wish to disclose publicly.
Another benefit of using our official Support avenues is that we aim to respond to all queries within one working day. We do not provide support through Discord, so while you may get a quick answer to a query from a Swigger or another member of the community, any issues that need in-depth investigation will be required to move to an official Support channel (email or forum).
Hi, for UUID detect there seems to be no check on the file extension/content type of the response. As it is, it throws too many issues for .svg, .gif, .exe, or other non-relevant files. Would it be possible to implement some [configurational] blacklisting on responses to which this should apply? for the example of .gif false positive:
Thanks:)