AttackSelector: Burp Suite Attack Selector Plugin

Burp Attack Selector Plugin

In recent years the Burp Suite scanner checks have been expanded a lot, but unfortunately the need to compromise on scan time has notably limited the checks executed during scans with “Intelligent check” enabled. The current standard configuration will let you find the main issues but will not identify some kinds of problems. Also, if you modify the Burp configuration, you will not be able to manage the scans correctly because of some current Burp limitations.

This plugin lets you configure different settings for the Burp active scanner and create custom scanner configurations that can be launched via the menu. The plugin automatically manages the new queue and runs scans with the different configurations.

Please note that when using this plugin you should NOT use the normal active scanner or modify the Burp scanning configuration: by default the scanner uses the current configuration, so it will execute only the tests configured in the scan this plugin is running. For this purpose, we created a “default” scan configuration in this plugin that lets you “simulate” the standard active scan, but it is managed inside the plugin, so it is compatible with our other scans.

Last week I discovered that the Burp developers are planning to add some new features like queue management; maybe in a few months my plugin will be useless 😉

I have to thank Federico Dotta for introducing me to Burp plugin programming and for the help given during the writing of this plugin.



When the plugin is added to Burp Suite, a new tab will appear. This tab lets you see the plugin queue and configure your custom scanner configurations. After that, you will be able to launch a scan with a given configuration via the context menu the plugin creates.

Configuration screenshot

Queue management screenshot

Custom menu in proxy history

Custom menu in intruder