Custom scan checks are tightly integrated within Burp's scanning engine, and are invoked at the relevant stage for each base request and insertion point that the user sends for scanning. They can perform arbitrary processing, issue their own requests (when actively scanning), and report their own custom scan issues.
For the sake of this example, we've updated the demo serialized input application to contain two fictitious vulnerabilities that our extension can check for:
- An information leakage vulnerability where a content management system is copying sensitive data into some application responses.
- An input vulnerability where submitting the pipe character results in a distinctive error message, indicating an exploitable condition.
The example extension demonstrates the following:

- Registering a custom scanner check.
- Performing passive and active scanning when initiated by the user.
- Using the Burp-provided IScannerInsertionPoint to construct requests for active scanning using specified payloads, without needing to understand how the insertion point works.
- Using a Burp helper method to search responses for relevant match strings.
- Highlighting relevant portions of requests and responses, in line with Burp's natively-generated scan issues.
- Synchronously reporting custom scan issues in response to the relevant checks.
- Guiding Burp on when to consolidate duplicated issues at the same URL (e.g., when the user has scanned the same item multiple times).
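To show how these pieces fit together in the legacy Burp Extender API, here is an added example extension (not the page's own or PortSwigger's code). It implements IScannerCheck, reports the two fictitious findings described above, and highlights the matched bytes. The match strings (`CMS_SECRET_DUMP`, `PIPE_ERROR_MARKER`) are constructed placeholders, since the page does not state the real ones; the class and method names are those of the public `burp` interfaces.

```java
package burp;

import java.net.URL;
import java.util.ArrayList;
import java.util.List;

// Added example, not part of the original page: one passive and one active check.
public class BurpExtender implements IBurpExtender, IScannerCheck {
    // Constructed match strings for illustration only (hypothetical values).
    private static final byte[] LEAK_MARKER = "CMS_SECRET_DUMP".getBytes();
    private static final byte[] INJECTION_PAYLOAD = "|".getBytes();
    private static final byte[] INJECTION_ERROR = "PIPE_ERROR_MARKER".getBytes();

    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Example custom scanner checks");
        callbacks.registerScannerCheck(this);  // Burp now invokes doPassiveScan/doActiveScan
    }

    // Every [start, end) offset of `match` in `data`, used as response highlight markers.
    private List<int[]> getMatches(byte[] data, byte[] match) {
        List<int[]> matches = new ArrayList<>();
        int start = 0;
        while (start < data.length) {
            start = helpers.indexOf(data, match, true, start, data.length);
            if (start == -1) break;
            matches.add(new int[] { start, start + match.length });
            start += match.length;
        }
        return matches;
    }

    // Passive check: inspect the base response only, never send traffic.
    @Override
    public List<IScanIssue> doPassiveScan(IHttpRequestResponse base) {
        byte[] response = base.getResponse();
        if (response == null) return null;
        List<int[]> matches = getMatches(response, LEAK_MARKER);
        if (matches.isEmpty()) return null;
        List<IScanIssue> issues = new ArrayList<>();
        issues.add(new CustomScanIssue(base.getHttpService(), helpers.analyzeRequest(base).getUrl(),
            new IHttpRequestResponse[] { callbacks.applyMarkers(base, null, matches) },
            "Example information leakage",
            "The response contains the string: " + new String(LEAK_MARKER), "Information"));
        return issues;
    }

    // Active check: let the insertion point build the payloaded request, then look for the error.
    @Override
    public List<IScanIssue> doActiveScan(IHttpRequestResponse base, IScannerInsertionPoint insertionPoint) {
        byte[] checkRequest = insertionPoint.buildRequest(INJECTION_PAYLOAD);
        IHttpRequestResponse check = callbacks.makeHttpRequest(base.getHttpService(), checkRequest);
        if (check.getResponse() == null) return null;
        List<int[]> responseMatches = getMatches(check.getResponse(), INJECTION_ERROR);
        if (responseMatches.isEmpty()) return null;
        List<int[]> requestMarkers = new ArrayList<>();
        requestMarkers.add(insertionPoint.getPayloadOffsets(INJECTION_PAYLOAD));
        List<IScanIssue> issues = new ArrayList<>();
        issues.add(new CustomScanIssue(base.getHttpService(), helpers.analyzeRequest(base).getUrl(),
            new IHttpRequestResponse[] { callbacks.applyMarkers(check, requestMarkers, responseMatches) },
            "Example pipe injection",
            "Submitting a pipe character returned the string: " + new String(INJECTION_ERROR), "High"));
        return issues;
    }

    // -1: keep the existing issue, 0: report both, 1: keep the new one.
    @Override
    public int consolidateDuplicateIssues(IScanIssue existing, IScanIssue fresh) {
        return existing.getIssueName().equals(fresh.getIssueName()) ? -1 : 0;
    }
}

// Minimal IScanIssue carrier; 0x08000000 is Burp's type code for extension-generated issues.
class CustomScanIssue implements IScanIssue {
    private final IHttpService service; private final URL url; private final IHttpRequestResponse[] msgs;
    private final String name; private final String detail; private final String severity;
    CustomScanIssue(IHttpService service, URL url, IHttpRequestResponse[] msgs,
                    String name, String detail, String severity) {
        this.service = service; this.url = url; this.msgs = msgs;
        this.name = name; this.detail = detail; this.severity = severity;
    }
    @Override public URL getUrl() { return url; }
    @Override public String getIssueName() { return name; }
    @Override public int getIssueType() { return 0x08000000; }
    @Override public String getSeverity() { return severity; }
    @Override public String getConfidence() { return "Certain"; }
    @Override public String getIssueBackground() { return null; }
    @Override public String getRemediationBackground() { return null; }
    @Override public String getIssueDetail() { return detail; }
    @Override public String getRemediationDetail() { return null; }
    @Override public IHttpRequestResponse[] getHttpMessages() { return msgs; }
    @Override public IHttpService getHttpService() { return service; }
}
```

Note that the active check issues exactly one request per insertion point and returns null when nothing matches, so the scanner's issue list stays quiet unless the distinctive error string is present; `consolidateDuplicateIssues` then keeps a single entry per issue name when the same URL is rescanned.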