The “Scan manual insertion point” Burp extension lets the user select a region of a request (typically a parameter value) and, via the context menu, run an active scan against just the insertion point defined by that selection. It is similar to the “Actively scan defined insertion points” item in the Intruder context menu, without the burden of having to send the request to the Intruder first.
Just select your insertion point within a request, right-click and choose “Scan manual insertion point”.
More information
Burp Suite Pro is my tool of choice for web application pentesting. I use it for manual work, but I also like its powerful scanner. However, I usually prefer to use the scanner surgically, scanning only one specific parameter (an “insertion point”) at a time rather than the whole request.
This is possible natively by sending the request to the Intruder tool, marking the parameter value with the § markers, and using the little-known “Actively scan defined insertion points” context menu item:
I found this process tedious, so I wrote a simple but convenient Burp extension that does the same thing from any Burp tool, without first sending the request to the Intruder. Just select an area in the request and use this new context menu item:
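To show how such a context menu item is wired up against the Burp Extender API, here is a minimal stand-alone extension written as an added example for this page; it is an illustration, not the source of the published BApp. It uses only the legacy burp.* interfaces that exist in the Extender API (IContextMenuFactory, IContextMenuInvocation.getSelectionBounds() and getSelectedMessages(), and IBurpExtenderCallbacks.doActiveScan() taking a list of start/end offset pairs). The extension name, the menu label and the log message are the example's own choices.

```java
package burp;

import java.awt.event.ActionEvent;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.swing.JMenuItem;

// Example extension (not the published BApp): adds a "Scan manual insertion point"
// context menu item that actively scans only the byte range the user selected.
public class BurpExtender implements IBurpExtender, IContextMenuFactory {
    private IBurpExtenderCallbacks callbacks;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        callbacks.setExtensionName("Scan manual insertion point (example)");
        callbacks.registerContextMenuFactory(this);
    }

    @Override
    public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
        // Offer the item only when the user right-clicked inside a request
        // (message editor or viewer), never on a response or a site-map node.
        byte ctx = invocation.getInvocationContext();
        if (ctx != IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST
                && ctx != IContextMenuInvocation.CONTEXT_MESSAGE_VIEWER_REQUEST) {
            return Collections.emptyList();
        }

        // getSelectionBounds() returns {start, end}; both equal the caret position
        // when nothing is selected, and it is null outside a message editor.
        int[] bounds = invocation.getSelectionBounds();
        IHttpRequestResponse[] messages = invocation.getSelectedMessages();
        if (bounds == null || bounds[0] == bounds[1]
                || messages == null || messages.length != 1) {
            return Collections.emptyList(); // empty selection or several messages
        }

        JMenuItem item = new JMenuItem("Scan manual insertion point");
        item.addActionListener((ActionEvent e) -> scanSelection(messages[0], bounds));
        List<JMenuItem> items = new ArrayList<>();
        items.add(item);
        return items;
    }

    private void scanSelection(IHttpRequestResponse message, int[] bounds) {
        IHttpService service = message.getHttpService();
        byte[] request = message.getRequest();

        // Clamp the selection to the request so a stale editor selection cannot
        // produce an offset past the end of the bytes we hand to the scanner.
        int start = Math.max(0, Math.min(bounds[0], request.length));
        int end = Math.max(start, Math.min(bounds[1], request.length));

        // doActiveScan() accepts a list of {start, end} pairs; each pair becomes one
        // insertion point, so a single pair means "scan only this parameter value".
        List<int[]> insertionPoints = new ArrayList<>();
        insertionPoints.add(new int[] { start, end });

        callbacks.doActiveScan(
                service.getHost(),
                service.getPort(),
                "https".equalsIgnoreCase(service.getProtocol()),
                request,
                insertionPoints);
        callbacks.printOutput("Queued active scan of " + service.getHost()
                + " on request offsets " + start + "-" + end);
    }
}
```

Because the offsets are taken from the raw request bytes rather than from a parsed parameter, the same code works for a selection inside a URL query, a POST body, a header value or a JSON string; the scanner treats whatever lies between the two offsets as the payload position.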
The extension is available, for both the free and Pro versions, in the online BApp Store or directly from the BApp Store tab inside Burp (note that the active scanner it drives is a feature of Burp Suite Professional):
Source code
As with every extension published in the BApp Store, the source code is available on GitHub:
- PortSwigger’s forked repository (used to build the binary distributed through the store)
- Original repository (used for development)