Interface PassiveScanCheck


public interface PassiveScanCheck
Extensions can implement this interface, then call Scanner.registerPassiveScanCheck(PassiveScanCheck, ScanCheckType) to register a custom passive scan check. During an audit, Burp invokes the check to perform a passive audit on the base request according to the specified ScanCheckType. Burp reports any audit issues that are identified.
  • Method Details

    • checkName

      String checkName()
      The name Burp will use to identify this scan check.
      Returns:
      Name of the scan check.
    • doCheck

      AuditResult doCheck(HttpRequestResponse baseRequestResponse)
      The Scanner invokes this method at the registered ScanCheckType. Note: Extensions should only analyze the HTTP messages provided during a passive audit, and should not make any new HTTP requests of their own.
      Parameters:
      baseRequestResponse - The base HttpRequestResponse that should be passively audited.
      Returns:
      An AuditResult object with a list of AuditIssue objects, or an empty AuditResult object if no issues are identified.
    • consolidateIssues

      default ConsolidationAction consolidateIssues(AuditIssue existingIssue, AuditIssue newIssue)
      The Scanner invokes this method when the custom Scan check has reported multiple issues for the same URL path. This can arise either because there are multiple distinct vulnerabilities, or because the same (or a similar) request has been scanned more than once. The custom check should determine whether the issues are duplicates. In most cases, where a check uses distinct issue names or descriptions for distinct issues, the consolidation process will simply be a matter of comparing these features for the two issues.
      Parameters:
      existingIssue - An AuditIssue that was previously reported by this Scan check.
      newIssue - An AuditIssue at the same URL path that has been newly reported by this Scan check.
      Returns:
      A ConsolidationAction to determine which issue(s) should be reported in the main Scanner results.
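The following is an added example, not code from the Burp documentation or from PortSwigger, showing the whole lifecycle this page describes: registering the check with Scanner.registerPassiveScanCheck, implementing checkName() and doCheck() so that only the supplied HTTP messages are inspected (no new requests are sent), and implementing consolidateIssues() by comparing issue names. The check itself reports HTML responses that carry no Content-Security-Policy header. The package `burp.api.montoya.scanner.scancheck` for PassiveScanCheck/ScanCheckType, the constant `ScanCheckType.PER_REQUEST`, and the class name `MissingCspCheck` are assumptions; adjust them to the API version you build against.

```java
// Added example (not from the Burp documentation). Package names for
// PassiveScanCheck/ScanCheckType and the PER_REQUEST constant are assumed.
package example;

import burp.api.montoya.BurpExtension;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.scanner.AuditResult;
import burp.api.montoya.scanner.ConsolidationAction;
import burp.api.montoya.scanner.audit.issues.AuditIssue;
import burp.api.montoya.scanner.audit.issues.AuditIssueConfidence;
import burp.api.montoya.scanner.audit.issues.AuditIssueSeverity;
import burp.api.montoya.scanner.scancheck.PassiveScanCheck; // assumed package
import burp.api.montoya.scanner.scancheck.ScanCheckType;    // assumed package

public class MissingCspCheck implements BurpExtension, PassiveScanCheck {

    private static final String ISSUE_NAME = "Missing Content-Security-Policy header";

    @Override
    public void initialize(MontoyaApi api) {
        api.extension().setName("Missing CSP passive check");
        // Register this object as a passive check; Burp will call doCheck() once
        // per base request. PER_REQUEST is an assumed ScanCheckType constant name.
        api.scanner().registerPassiveScanCheck(this, ScanCheckType.PER_REQUEST);
    }

    @Override
    public String checkName() {
        // The name Burp uses to identify this check in its UI and logs.
        return "Missing CSP check";
    }

    @Override
    public AuditResult doCheck(HttpRequestResponse baseRequestResponse) {
        // Passive audit: inspect only the captured exchange and never issue
        // requests of our own. A request with no response gives us nothing to check.
        if (!baseRequestResponse.hasResponse()) {
            return AuditResult.auditResult();
        }

        String contentType = baseRequestResponse.response().headerValue("Content-Type");
        boolean isHtml = contentType != null
                && contentType.toLowerCase().contains("text/html");
        boolean hasCsp = baseRequestResponse.response().hasHeader("Content-Security-Policy");

        // Only HTML documents are expected to carry a CSP; anything else is out of scope.
        if (!isHtml || hasCsp) {
            return AuditResult.auditResult();
        }

        String url = baseRequestResponse.request().url();
        AuditIssue issue = AuditIssue.auditIssue(
                ISSUE_NAME,
                "The HTML response at " + url + " does not set a Content-Security-Policy header.",
                "Add a Content-Security-Policy header that restricts script, object and frame sources.",
                url,
                AuditIssueSeverity.LOW,
                AuditIssueConfidence.CERTAIN,
                "A Content-Security-Policy header limits the sources from which a page may load "
                        + "content and reduces the impact of content injection.",
                "Define a policy, deploy it in report-only mode first, then enforce it.",
                AuditIssueSeverity.LOW,
                baseRequestResponse);

        return AuditResult.auditResult(issue);
    }

    @Override
    public ConsolidationAction consolidateIssues(AuditIssue existingIssue, AuditIssue newIssue) {
        // This check uses one fixed issue name per finding, so two issues at the same
        // URL path with the same name are the same finding: keep the one already reported.
        if (existingIssue.name().equals(newIssue.name())) {
            return ConsolidationAction.KEEP_EXISTING;
        }
        // Different names mean genuinely distinct findings; report both.
        return ConsolidationAction.KEEP_BOTH;
    }
}
```

Because the issue name is constant, rescanning the same page produces duplicates that consolidateIssues() collapses to the first report; a check that reports several distinct problems should give each its own name (or compare detail text as well) so that KEEP_BOTH is returned only for truly different findings.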