
[too many false positives] UUID Detect #193

Closed
Hipapheralkus opened this issue Mar 18, 2024 · 8 comments
Labels
bug Something isn't working good first issue Good for newcomers template Issue in BCheck template

Comments

@Hipapheralkus
Contributor

Hi,
For UUID Detect there seems to be no check on the file extension/content type of the response. As it is, it throws too many issues for .svg, .gif, .exe, or other non-relevant files. Would it be possible to implement some [configurational] blacklisting on responses to which this should apply?
For example, the .gif false positive:

Content-Type: image/gif
...
...
GIF89aN�P
...
...
<rdf:Description
       xmpMM:InstanceID="4fd9ce24-a3bc-187c-9ad4-96a900000088"
       xmpMM:DocumentID="0f55c699-c9bd-502f-7191-c4d70000005b"
...
...

Thanks:)

@Hipapheralkus Hipapheralkus added the bug Something isn't working label Mar 18, 2024
@PortSwiggerWiener PortSwiggerWiener added template Issue in BCheck template good first issue Good for newcomers labels Mar 18, 2024
@Hannah-PortSwigger
Contributor

Hi @Hipapheralkus

Is the BCheck you are referring to this one?

@Hipapheralkus
Contributor Author

@Hannah-PortSwigger yes, that is the one:)

@Hannah-PortSwigger
Contributor

Thanks for confirming!

You could include some blacklisting or whitelisting through the use of an if... then.

We'd love for the BChecks repo to be community-led so if you (or anyone else) have any improvements or suggestions, a pull request would be awesome!
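One way to realise the if... then filtering suggested above, written here as an added illustration and not the repository's UUID Detect check nor the change that later closed this issue: the check only reports a UUID-like value when the response's Content-Type header is on a short allow-list of text types, so binary assets such as image/gif, image/svg+xml or application/octet-stream (the .gif, .svg and .exe cases from the report) never match. The metadata values, the allow-list of content types and the UUID pattern are assumptions made for this example; any real deployment would tune the list to the application under test.

```bcheck
metadata:
    language: v1-beta
    name: "UUID in text response (example)"
    description: "Example only: reports a UUID-like value in the body, restricted to text content types"
    author: "example"
    tags: "example"

given response then
    if {latest.response.headers} matches "(?i)content-type:[ ]*(text/html|text/plain|application/json|application/xml|application/javascript)" and {latest.response.body} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}" then
        report issue:
            severity: info
            confidence: firm
            detail: "A UUID-like value appears in a text response body."
            remediation: "Confirm the identifier is not a sensitive or predictable resource handle before relying on it."
    end if
```

The allow-list is applied as an extra condition on the headers rather than as a negated blacklist, so the XMP metadata embedded in GIF and SVG images (as in the report above) is skipped simply because image/* is not in the list; adding a content type to the parenthesised group is all that is needed to extend coverage.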

@JaveleyQAQ
Contributor

Scanning static files is inevitable because the scanner does not support suffix scan filter 😭

@Hannah-PortSwigger
Contributor

Hannah-PortSwigger commented Mar 28, 2024

@JaveleyQAQ if there's some additional functionality you would like to be added, could you please raise this as a separate issue or drop us an email at [email protected]?

This is so that we can make sure we have the appropriate feature request raised, and we're tracking the number of people that are interested in that functionality 🙂

@JaveleyQAQ
Contributor

> @JaveleyQAQ if there's some additional functionality you would like to be added, could you please raise this as a separate issue or drop us an email at [email protected]?
>
> This is so that we can make sure we have the appropriate feature request raised, and we're tracking the number of people that are interested in that functionality 🙂

I believe adding this feature is necessary, and I'm not sure if most people who use Burp only use the interception feature and overlook the scanner. You should create a new feature request channel on Discord, where users can initiate polls or use reactions to gauge interest. To be honest, I dislike sending emails as it feels too formal and lacks interactivity.

@Hannah-PortSwigger
Contributor

Hannah-PortSwigger commented Apr 3, 2024

Hi @JaveleyQAQ

Unfortunately, we don't have a good way of linking conversations in Discord to our internal systems for tracking feature requests and bug reports, which is why we recommend that you drop us a quick email. Alternatively, you can post in our public Support forum.
This is so that we can accurately track the number of users associated with tickets, which means we can update you when something goes live. If we need any further information, we can get back to you quickly and easily. Often, we might request your diagnostics information, which can contain information that you may not wish to disclose publicly.

Another benefit of using our official Support avenues is that we aim to respond to all queries within one working day. We do not provide support through Discord, so while you may get a quick answer to a query from a Swigger or another member of the community, any issues that need in-depth investigation will be required to move to an official Support channel (email or forum).

@PortSwiggerWiener
Collaborator

Fixed by #229.
