[too many false positives] UUID Detect

[Hipapheralkus]

Hi,
for UUID detect there seems to be no check on the file extension/content type of the response. As it is, it throws too many issues for .svg, .gif, .exe, or other non-relevant files. Would it be possible to implement some [configurational] blacklisting on responses to which this should apply?
for the example of .gif false positive:

Content-Type: image/gif
...
...
GIF89aN�P
...
...
<rdf:Description
       xmpMM:InstanceID="4fd9ce24-a3bc-187c-9ad4-96a900000088"
       xmpMM:DocumentID="0f55c699-c9bd-502f-7191-c4d70000005b"
...
...

Thanks:)

[Hannah-PortSwigger]

Hi @Hipapheralkus

Is the BCheck you are referring to this one?

[Hipapheralkus]

@Hannah-PortSwigger yes, that is the one:)

[Hannah-PortSwigger]

Thanks for confirming!

You could include some blacklisting or whitelisting through the use of an if... then.

We'd love for the BChecks repo to be community-led so if you (or anyone else) have any improvements or suggestions, a pull request would be awesome!

[JaveleyQAQ]

Scanning static files is inevitable because the scanner does not support suffix scan filter 😭

[Hannah-PortSwigger]

@JaveleyQAQ if there's some additional functionality you would like to be added, could you please raise this as a separate issue or drop us an email at [email protected]?

This is so that we can make sure we have the appropriate feature request raised, and we're tracking the number of people that are interested in that functionality 🙂

[JaveleyQAQ]

@JaveleyQAQ if there's some additional functionality you would like to be added, could you please raise this as a separate issue or drop us an email at [email protected]?

This is so that we can make sure we have the appropriate feature request raised, and we're tracking the number of people that are interested in that functionality 🙂

I believe adding this feature is necessary, and I'm not sure if most people who use Burp only use the interception feature and overlook the scanner. You should create a new feature request channel on Discord, where users can initiate polls or use reactions to gauge interest. To be honest, I dislike sending emails as it feels too formal and lacks interactivity.

[Hannah-PortSwigger]

Hi @JaveleyQAQ

Unfortunately, we don't have a good way of linking conversations in Discord to our internal systems for tracking feature requests and bug reports, which is why we recommend that you drop us a quick email. Alternatively, you can post in our public Support forum.
This is so that we can accurately track the number of users associated with tickets, which means we can update you when something goes live. If we need any further information, we can get back to you quickly and easily. Often, we might request your diagnostics information, which can contain information that you may not wish to disclose publicly.

Another benefit of using our official Support avenues is that we aim to respond to all queries within one working day. We do not provide support through Discord, so while you may get a quick answer to a query from a Swigger or another member of the community, any issues that need in-depth investigation will be required to move to an official Support channel (email or forum).

[PortSwiggerWiener]

Fixed by #229.