
After performing an audit (formerly active and passive scan) of a web app with Burp Suite, I manually verify and validate the issues it identifies to rule out false positives, see what is possible with the vulnerabilities identified, etc. One thing a few colleagues and I would like to be able to do is to permanently (within a project) mark an issue as "validated".

Once an issue is validated the risk rating and confidence would not be updated by Burp, and it would have a separate icon (maybe a green check mark next to the risk/confidence, or highlight an issue much like you can highlight an item in the HTTP history) that indicates the item has been validated and does not need to be checked again.

While I can use another extension like Replicator or Notes (or use an external program/checklist like Excel, a text document, Word, OneNote, etc.), it would be much more intuitive to have an option to indicate an item is validated from within the issue tab.

Just curious what others do to handle this situation, OR is it possible to create an extension that could perform this highlighting?

I plan to dig into Burp extensions in the near future (few weeks) once some of my other personal projects are released/completed; I just wanted to see if others have a solution for this issue, or if this is possible with extensions.

Cheers.

  • We agree, this would be a good feature. It is on the development plan, although likely to be a little way out. In the meantime, you can either use an external tool (I'll plug Replicator as I wrote that) or use some convention of your own. Unfortunately, it's not possible for extensions to add annotations in-place. – PortSwigger Jan 29 '19 at 09:54
  • Great to hear it is on the dev plan at some point! Thanks for the response! – Freakazoidile Jan 29 '19 at 13:18

0 Answers