modzero / mod0BurpUploadScanner

HTTP file upload scanner for Burp Proxy

Feature request: Removing files #7

Open Hipapheralkus opened 6 years ago

Hipapheralkus commented 6 years ago

Hi,

first of all, it's an amazing extension, and great documentation - you rarely see these 2 hand in hand :)

I've tried to scan a couple of file uploads, where you were only able to upload a specific amount (3 in my case) of files at a time. Meaning, if I run this extension, the first 3 files are uploaded, but afterwards I get errors.

Would it be possible to implement a file removal? After the file is successfully uploaded and then downloaded by the tool, and inspected, it could visit yet another URL to remove the file.

Such cleanup would also be very good for regular pentests, not to overflow the client with hundreds of different files :)

Many thanks,

Andrej

floyd-fuh commented 6 years ago

Hi Andrej,

Thanks, good to hear that you like the extension and its documentation.

I'm afraid file removal is out of scope for this plugin. Just as any other Active Scan plugin in Burp (and the builtin active scan) is only able to do its job when a request is repeatable, this extension is as well. So if you need such functionality, you either have to use Burp Macros or change the code of the extension. Sorry for the bad news :(

However, if you write code to do it and the corresponding UI options and send me a pull request, I'll reconsider :)