
burpsuite-add-and-track-custom-issues's Introduction

Add & Track Custom Issues

This extension allows custom scan issues to be added and tracked within Burp. Burp adds issues that it finds from active and passive scans, but does not allow custom issues to be created or tracked. With this extension, custom issues can be created from different tabs within Burp by right-clicking and selecting "Add & Track Custom Issue". The recommended place to create a custom issue is the Target tab:

  • Select a target to create a custom scan issue for.
  • Right click in the Site Map, Contents, or Issues section to display the context menu.
  • From the context menu, select "Add & Track Custom Issue".
  • Information will automatically be filled in including the protocol, host, port, path, request, and response.
  • The issue name, severity, confidence, issue detail, issue background, remediation detail, and remediation background can then be filled in.
  • The Issue Selection tab allows predefined issues to quickly be selected, which will populate the issue name, severity, confidence, issue detail, issue background, remediation detail, and remediation background.
  • If selecting a predefined issue, it is recommended to update the Issue Detail and to add information to the Remediation Detail that ties the new issue to the predefined Issue Background and Remediation Background.
  • Once all of the needed information is filled in, click the "Add & Track Custom Issue" button to add the custom issue to the scan issues.
  • Each new issue that is added to the scan issues will also be added to the issue selection table. This table can be exported to CSV or JSON formats, and can later be imported for future scans.
  • Issues can also be added from the extension's main tab. If no issue is selected in the issue table, a new blank issue can be created. If an issue is selected in the issue table, a new issue based on the selected issue can be created.

Requirements:

This extension requires Burp Suite Professional and Jython standalone.

Main features include:

  • Add custom scan issues.
  • Track custom scan issues.
  • Delete custom scan issues.
  • Export custom scan issues to CSV and JSON formats for future scans.
  • Import previously created custom scan issues from CSV and JSON formats.

Other features that have been added include:

  • If a new issue is added from the menu option, then the protocol, host, port, path, request, and response will be filled in automatically.
  • Warning labels will appear if the scan issues table has been updated since the last export, to help users remember to save their custom scan issues in case they need them for future scans.
  • The tab key transfers focus to the next text field instead of inserting a tab into the text field.
  • Disabled text fields have a darker background color.
  • Press Ctrl+Z to undo an action.
  • Press Ctrl+Shift+Z to redo an action.
  • Press Ctrl+Y to redo an action.
  • The custom issues table can be sorted and unsorted.
  • Rows in the custom issue table can be unselected.
  • If a new issue is created from the extension's main tab, the popup dialog will be cleared if it is not already visible.
  • If the popup dialog is visible, then the issue information will be added and the rest of the panel will not be cleared, since it may contain data that was already entered for the new issue.
  • A red border will be added to any required fields that are left blank when trying to add an issue.
  • The port field has to contain a valid port.
  • The host and path fields cannot contain a space.
  • The issue name field cannot start with a space.
  • Changing the protocol dropdown will set the port for the user, but the port can still be changed manually if needed.
  • If the host field starts with http:// or https:// it will be removed because the protocol dropdown sets the protocol.
  • If the host field ends in a forward slash '/' it will be removed because one is added after the port by default.
  • If the path field does not start with a forward slash '/' one will be added.
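
The field rules in the list above (port, host, path and issue name), sketched as an added example that is not the extension's own code. The function name, the returned keys, the 80/443 default ports, the 1-65535 port range and treating the issue name as required are assumptions.

```python
# Added example, not the extension's code; names here are hypothetical.
DEFAULT_PORTS = {"http": 80, "https": 443}  # assumption: usual scheme defaults


def normalize_issue_fields(protocol, host, port, path, name):
    """Apply the README's field rules; return (fields, invalid_field_names)."""
    errors = []
    protocol = protocol.strip().lower()
    if protocol not in DEFAULT_PORTS:
        errors.append("protocol")

    # The protocol dropdown sets the scheme, so drop one typed into the host.
    for prefix in ("http://", "https://"):
        if host.lower().startswith(prefix):
            host = host[len(prefix):]
            break
    # A slash is added after the port, so a trailing one on the host goes.
    if host.endswith("/"):
        host = host[:-1]
    if not host or " " in host:
        errors.append("host")

    # Blank port: use the protocol default. Otherwise require an integer in
    # 1..65535 (assumed meaning of "valid port").
    if port in (None, ""):
        port = DEFAULT_PORTS.get(protocol)
    else:
        try:
            port = int(str(port).strip())
        except ValueError:
            port = None
        if port is None or not 1 <= port <= 65535:
            errors.append("port")

    if not path.startswith("/"):
        path = "/" + path
    if " " in path:
        errors.append("path")

    # Assumed required field; the README only says it cannot start with a space.
    if not name or name.startswith(" "):
        errors.append("name")

    fields = {"protocol": protocol, "host": host, "port": port, "path": path,
              "name": name, "url": None}
    if not errors:
        fields["url"] = "%s://%s:%d%s" % (protocol, host, port, path)
    return fields, errors
```

The returned list names the fields a UI would flag, which corresponds to the red border the extension draws on fields that fail validation.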

License

MIT License

Contributors

jamesm0rr1s
