v2‐beta additional features
This is the second iteration of the BCheck language, released in Burp Suite Professional 2023.10.2 in September 2023.
BChecks can now be run on a path-level basis, i.e. executed once per path. For example, if a host has audit items /example/alpha.php and /example/beta.php, then a per-path BCheck will only be executed once. Path-level BChecks use the construct:
given path then
The Path-level BCheck template, which checks for exposed backup files, is an example of a path-level BCheck.
In insertion point-level BChecks, you can now access the insertion point base value using the pre-defined variable insertion_point_base_value.
You can see an example of this in this BCheck.
You can now raise an issue through a BCheck without causing the check to finish execution. This can be useful with the run for each construct.
You can use this functionality with the report issue and continue syntax. You can see an example of this in this BCheck.
You can retrieve Burp's user-agent string within a BCheck using the pre-defined variable user_agent. This is useful when issuing raw requests.
You can specify the name of the issue raised in a BCheck using the name attribute in the report issue block. This is useful when a single BCheck can raise multiple issues.
You can now retrieve the query string from the request being sent using the pre-defined variable query_string.
For an example, see this BCheck.
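The BCheck below is an added example, not one of the BChecks linked from this page. It combines the given path then construct, report issue and continue inside a run for each loop, and the name attribute. The metadata values, the list of backup suffixes, the issue text and the placement of name as the first attribute are assumptions made for illustration.

```bcheck
metadata:
    language: v2-beta
    name: "Exposed backup files (per path)"
    description: "Added example: reports every backup copy found beside an audited path"
    author: "example"

run for each:
    # Constructed list of candidate backup names for the audited path
    potential_path =
        `{base.request.url.path}.bak`,
        `{base.request.url.path}.old`,
        `{base.request.url.path}.backup`

# Path-level check: executed once per unique path
given path then
    if {base.response.status_code} is "200" then
        send request called check:
            method: "GET"
            path: {potential_path}

        if {check.response.status_code} is "200" then
            # "and continue" keeps the check running, so the remaining
            # values of potential_path are still tested and reported
            report issue and continue:
                name: "Exposed backup file"
                severity: info
                confidence: firm
                detail: `Backup file found at {potential_path}`
                remediation: "Remove backup files from the web root or block access to them."
        end if
    end if
```

With a plain report issue block the check would finish at the first match, so only one exposed copy per path would be reported.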