Open
Description
Hi @albinowax
I notice that we create one scan task for a request and all of its eligible params, according to the config.
distribute-damage/src/burp/BurpExtender.java, line 300 in 82af478:

```java
IScanQueueItem scanItem = callbacks.doActiveScan(host, service.getPort(), using_https, itemToScanNext.getRequest(), next.offsets);
```
So I was wondering if we could create a scan task for each param of each request, e.g.
distribute-damage/src/burp/BurpExtender.java, lines 271 to 274 in 82af478:

```java
if (!BurpExtender.scanned.contains(param_id)) {
    insertionPoints.add(new int[]{param.getValueStart(),param.getValueEnd()});
    BurpExtender.scanned.add(param_id);
}
```
if (!BurpExtender.scanned.contains(param_id)) {
- insertionPoints.add(new int[]{param.getValueStart(),param.getValueEnd()});
+ List<int[]> insertionPoint = new ArrayList<>();
+ insertionPoint.add(new int[]{param.getValueStart(), param.getValueEnd()});
+ if (scanItemsByHost.containsKey(host)) {
+ scanItemsByHost.get(host).add(new WorkTarget(request, insertionPoint));
+ } else {
+ ArrayDeque<WorkTarget> newQueue = new ArrayDeque<>();
+ newQueue.add(new WorkTarget(request, insertionPoint));
+ scanItemsByHost.put(host, newQueue);
+ }
BurpExtender.scanned.add(param_id);
}
}
- if (insertionPoints.isEmpty()) {
- continue;
- }
-
- if (scanItemsByHost.containsKey(host)) {
- scanItemsByHost.get(host).add(new WorkTarget(request, insertionPoints));
- } else {
- ArrayDeque<WorkTarget> newQueue = new ArrayDeque<>();
- newQueue.add(new WorkTarget(request, insertionPoints));
- scanItemsByHost.put(host, newQueue);
- }

By doing this, we will create more scan tasks, and hopefully will make it more "distributed".
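
Review bot: The `containsKey` / `get` / `put` branch is now repeated for every parameter inside the loop; assuming `scanItemsByHost` is a `java.util.Map`, `scanItemsByHost.computeIfAbsent(host, k -> new ArrayDeque<>()).add(new WorkTarget(request, insertionPoint));` does the same in one statement and removes the duplicated `new WorkTarget(...)` call. The removed lines were the only visible uses of `insertionPoints`, so if its declaration sits above this hunk it is now dead and should be deleted with it. Note also that each host queue now grows by one item per unscanned parameter rather than one per request, so the queue-draining code around `doActiveScan` should be checked to confirm it still paces a single host the way the per-request version did.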