Hi folks,
I am currently trying to learn the Burp Extensibility API using this example (in Java); https://github.com/PortSwigger/example-scanner-checks and getting stuck with something.
With latest Beta version of Burp v2b18, is there a way to automatically spider+audit the server.js, that will display the vulnerability "Pipe Injection"?
When I perform an audit I see that doPassiveScan was called, but I can not get doActiveScan to be called. However, I can get doActiveScan to be called if i manually proxy a form submission request via Burp, and then scan manually.
Any suggestions will be welcomed.
Thanks!
Gary
↧
