Improve automated and semi-automated active scanning in Burp Pro
Improve automated and semi-automated active scanning for BurpSuite
Author: Tobias "floyd" Ospelt, @floyd_ch, http://www.floyd.ch
Pentagrid AG, 5#, https://www.pentagrid.ch
Active Scanning might often do things that don't make much sense, such as scanning GET requests to static .js files or scanning non-repeatable requests. This extension allows to filter and preprocess according to your needs. It tries to check if a request is repeatable or not. If a request is not repeatable, it tries to make them repeatable by injecting Hackvertor tags. The extension doesn't try to be perfect, but useful. It cuts corners and in some cases simply doesn't scan certain requests. However, the extension individually displays and explains all decisions, allowing you to change the settings if you don't like the behavior. It's a better "Actively scan all in-scope traffic through Proxy".
This extension uses Hackvertor tags. Make sure Hackvertor is installed and active.
gradle clean build jar
Usage is very simple:
Improves performance by not sending everything to active scan.
Let me know if you think of any other improvements in the issues tab.