PortSwigger / burp-extensions-montoya-api

Burp Extensions Api

API Suggestions: Get insertpoint by AuditIssue #57

Closed Kaide0521 closed 1 year ago

Kaide0521 commented 1 year ago

In the custom burp plugin, I need to perform vulnerability reduction based on insertpoints. Can the Montoya API provide support for obtaining insertpoints through AuditIssue in the future?

Hannah-PortSwigger commented 1 year ago

Hi

Could you tell us a bit more about the functionality you are looking for?

If you prefer, you can drop us an email at support@portswigger.net

Kaide0521 commented 1 year ago

Hi, I hope the Montoya API AuditIssue class can add a function to obtain detailed insertpoints.

Hannah-PortSwigger commented 1 year ago

Hi

When running a scan, you can control which insertion points are used in the scan by going to "New scan > Scan configuration > Use a custom configuration > New > Audit > Insertion point types".

When registering a ScanCheck with an activeAudit(), you will have access to the AuditInsertionPoint that is currently being audited.

Kaide0521 commented 1 year ago

Hi

When running a scan, you can control which insertion points are used in the scan by going to "New scan > Scan configuration > Use a custom configuration > New > Audit > Insertion point types".

When registering a ScanCheck with an activeAudit(), you will have access to the AuditInsertionPoint that is currently being audited.

But I cannot obtain the insertpoint corresponding to the current issue discovered by the scanner through the Montoya API.

Hannah-PortSwigger commented 1 year ago

Unfortunately, in order to raise a feature request, we would need to understand why this functionality would be helpful, so that we can add the appropriate details.

Typically a payload that has been inserted into a request will be indicated by a marker. Have you had a look at retrieving the markers present in the RequestResponse associated with the issue to identify the insertion point?
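
The marker lookup suggested in the last reply, as an added example (not code from this thread or from PortSwigger): it maps each request marker on an issue back to the parsed parameter it overlaps, falling back to raw byte offsets. `IssueMarkerLocator` and its methods are hypothetical names; the code assumes a Montoya API version that exposes `HttpRequestResponse.requestMarkers()` and that the issue's requests carry markers over the inserted payload, as the reply describes.

```java
import burp.api.montoya.core.Marker;
import burp.api.montoya.core.Range;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.params.ParsedHttpParameter;
import burp.api.montoya.scanner.audit.issues.AuditIssue;

import java.util.ArrayList;
import java.util.List;

// Hypothetical helper (not part of the Montoya API): describes where the
// request markers fall in each request attached to an audit issue.
public final class IssueMarkerLocator {

    // Returns one description per marker; empty if the issue has no request markers.
    public static List<String> locate(AuditIssue issue) {
        List<String> locations = new ArrayList<>();
        for (HttpRequestResponse rr : issue.requestResponses()) {
            for (Marker marker : rr.requestMarkers()) {
                locations.add(describe(rr, marker.range()));
            }
        }
        return locations;
    }

    private static String describe(HttpRequestResponse rr, Range marked) {
        // Prefer a parsed parameter whose value bytes overlap the marked bytes.
        for (ParsedHttpParameter p : rr.request().parameters()) {
            if (overlaps(p.valueOffsets(), marked)) {
                return p.type() + " parameter '" + p.name() + "'";
            }
        }
        // No parameter matched (header, path segment, nested body data):
        // report the raw offsets and which part of the request they are in.
        int start = marked.startIndexInclusive();
        String part = start < rr.request().bodyOffset() ? "request line/headers" : "body";
        return part + " bytes " + start + "-" + marked.endIndexExclusive();
    }

    // Half-open interval overlap test on [startInclusive, endExclusive).
    private static boolean overlaps(Range a, Range b) {
        return a.startIndexInclusive() < b.endIndexExclusive()
                && b.startIndexInclusive() < a.endIndexExclusive();
    }
}
```

An extension could combine the returned location with `issue.name()` and `issue.baseUrl()` to group issues that were raised at the same place in the request.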