{"id":3178,"date":"2017-07-03T11:12:28","date_gmt":"2017-07-03T09:12:28","guid":{"rendered":"http:\/\/securite.intrinsec.com\/?p=3178"},"modified":"2017-07-03T11:12:28","modified_gmt":"2017-07-03T09:12:28","slug":"burp-extension-scan-manual-insertion-point","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/burp-extension-scan-manual-insertion-point\/","title":{"rendered":"Burp extension &quot;Scan manual insertion point&quot;\""},"content":{"rendered":"<p><a href=\"https:\/\/portswigger.net\/burp\/\"><em>Burp Suite Pro<\/em><\/a> is our tool of choice for webapps pentesting. We use it for manual operations but we also like its powerful scanner. However we usually prefer to use it surgically: only scan a specific parameter at a time (called an \u00abinsertion point\u00bb).<\/p>\n<p>This feature is available by sending any request to the Intruder tool, selecting the parameter with the \u00a7 markers, and using this little-known context menu item:<\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter size-full wp-image-3179\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/06\/burp-intruder.png\" alt=\"\" width=\"576\" height=\"305\" \/><\/p>\n<p>But I found this process tedious, so I decided to create a simple, but convenient, Burp extension to be able to do the same, just by selecting an area in any request from any Burp tool (without having to send it to the Intruder) and using this new context menu item:<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-3180\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/06\/burp-scan-manual-insertion-point.png\" alt=\"\" width=\"454\" height=\"358\" \/><\/p>\n<p>The extension is available, for the free and pro versions, in the <a href=\"https:\/\/portswigger.net\/bappstore\/bapps\/details\/ca7ee4e746b54514a0ca5059329e926f\">online BApp Store<\/a> or directly in the software:<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-3181\" src=\"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2017\/06\/bapp-store.png\" alt=\"\" width=\"938\" height=\"601\" \/><\/p>\n<p>As with every Burp extension, the source code is available on Github:<\/p>\n<ul>\n<li><a href=\"https:\/\/github.com\/portswigger\/scan-manual-insertion-point\">Portswigger&#039;s forked repository<\/a> (used to build the binary distributed to the store)<\/li>\n<li><a href=\"https:\/\/github.com\/ClementNotin\/burp-scan-manual-insertion-point\">Original repository<\/a> (used for development)<\/li>\n<\/ul>\n<p><em><span class=\"st\">\u2014 <\/span>Cl\u00e9ment Notin (<a href=\"https:\/\/twitter.com\/cnotin\">@cnotin)<\/a><\/em><\/p>\n\n\n<p class=\"wp-block-paragraph\"><\/p>","protected":false},"excerpt":{"rendered":"<p>Burp Suite Pro is our tool of choice for webapps pentesting. We use it for [\u2026]<\/p>","protected":false},"author":1,"featured_media":3192,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[149,88,150,151],"class_list":["post-3178","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-evaluation-securite","tag-burp","tag-pentest","tag-tool","tag-web"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Burp extension &quot;Scan manual insertion point&quot; - INTRINSEC<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intrinsec.com\/en\/burp-extension-scan-manual-insertion-point\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Burp extension &quot;Scan manual insertion point&quot;\" \/>\n<meta property=\"og:description\" content=\"Burp Suite Pro is our tool of choice for webapps pentesting. We use it for [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intrinsec.com\/en\/burp-extension-scan-manual-insertion-point\/\" \/>\n<meta property=\"og:site_name\" content=\"INTRINSEC\" \/>\n<meta property=\"article:published_time\" content=\"2017-07-03T09:12:28+00:00\" \/>\n<meta name=\"author\" content=\"Intrinsec\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:site\" content=\"@Intrinsec\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Intrinsec\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/burp-extension-scan-manual-insertion-point\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/burp-extension-scan-manual-insertion-point\\\/\"},\"author\":{\"name\":\"Intrinsec\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/ade590fbc7ad6f413727bae7cd3fb799\"},\"headline\":\"Burp extension &quot;Scan manual insertion point&quot;\",\"datePublished\":\"2017-07-03T09:12:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/burp-extension-scan-manual-insertion-point\\\/\"},\"wordCount\":182,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/burp-extension-scan-manual-insertion-point\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"keywords\":[\"burp\",\"pentest\",\"tool\",\"web\"],\"articleSection\":[\"S\u00e9curit\u00e9 offensive &amp; Audit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/burp-extension-scan-manual-insertion-point\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/burp-extension-scan-manual-insertion-point\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/burp-extension-scan-manual-insertion-point\\\/\",\"name\":\"Burp extension &quot;Scan manual insertion point&quot; - INTRINSEC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/burp-extension-scan-manual-insertion-point\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/burp-extension-scan-manual-insertion-point\\\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2017-07-03T09:12:28+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/burp-extension-scan-manual-insertion-point\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intrinsec.com\\\/burp-extension-scan-manual-insertion-point\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/burp-extension-scan-manual-insertion-point\\\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/burp-extension-scan-manual-insertion-point\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.intrinsec.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Burp extension &quot;Scan manual insertion point&quot;\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#website\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"name\":\"INTRINSEC\",\"description\":\"Notre m\u00e9tier , Prot\u00e9ger le v\u00f4tre\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intrinsec.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#organization\",\"name\":\"INTRINSEC\",\"alternateName\":\"ISEC\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"contentUrl\":\"https:\\\/\\\/www.intrinsec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/libellule.png\",\"width\":1322,\"height\":1322,\"caption\":\"INTRINSEC\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/Intrinsec\",\"https:\\\/\\\/fr.linkedin.com\\\/company\\\/intrinsec\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UC0trUZAHNZOUbxYnNdecM4A\"],\"description\":\"soci\u00e9t\u00e9 de consulting, pure player cybers\u00e9curit\u00e9 fran\u00e7ais et europ\u00e9en depuis plus de 30ans, sp\u00e9cialiste dans la s\u00e9curit\u00e9 offensive & audit (pentest\\\/red team), GRC, et services IMSS comme le SOC, CTI et CERT Intrinsec est qualifi\u00e9 PASSI Elev\u00e9, PRIS Elev\u00e9 et PACS par l'ANSSI\",\"email\":\"contact@intrinsec.com\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intrinsec.com\\\/#\\\/schema\\\/person\\\/ade590fbc7ad6f413727bae7cd3fb799\",\"name\":\"Intrinsec\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g\",\"caption\":\"Intrinsec\"},\"sameAs\":[\"https:\\\/\\\/www.intrinsec.com\"],\"url\":\"https:\\\/\\\/www.intrinsec.com\\\/en\\\/author\\\/ufhtbqccsz\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Burp extension &quot;Scan manual insertion point&quot; - INTRINSEC","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intrinsec.com\/en\/burp-extension-scan-manual-insertion-point\/","og_locale":"en_US","og_type":"article","og_title":"Burp extension &quot;Scan manual insertion point&quot;","og_description":"Burp Suite Pro is our tool of choice for webapps pentesting. We use it for [&hellip;]","og_url":"https:\/\/www.intrinsec.com\/en\/burp-extension-scan-manual-insertion-point\/","og_site_name":"INTRINSEC","article_published_time":"2017-07-03T09:12:28+00:00","author":"Intrinsec","twitter_card":"summary_large_image","twitter_creator":"@Intrinsec","twitter_site":"@Intrinsec","twitter_misc":{"Written by":"Intrinsec","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intrinsec.com\/burp-extension-scan-manual-insertion-point\/#article","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/burp-extension-scan-manual-insertion-point\/"},"author":{"name":"Intrinsec","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/ade590fbc7ad6f413727bae7cd3fb799"},"headline":"Burp extension &quot;Scan manual insertion point&quot;","datePublished":"2017-07-03T09:12:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intrinsec.com\/burp-extension-scan-manual-insertion-point\/"},"wordCount":182,"commentCount":0,"publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"image":{"@id":"https:\/\/www.intrinsec.com\/burp-extension-scan-manual-insertion-point\/#primaryimage"},"thumbnailUrl":"","keywords":["burp","pentest","tool","web"],"articleSection":["S\u00e9curit\u00e9 offensive &amp; Audit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intrinsec.com\/burp-extension-scan-manual-insertion-point\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.intrinsec.com\/burp-extension-scan-manual-insertion-point\/","url":"https:\/\/www.intrinsec.com\/burp-extension-scan-manual-insertion-point\/","name":"Burp extension &quot;Scan manual insertion point&quot; - INTRINSEC","isPartOf":{"@id":"https:\/\/www.intrinsec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intrinsec.com\/burp-extension-scan-manual-insertion-point\/#primaryimage"},"image":{"@id":"https:\/\/www.intrinsec.com\/burp-extension-scan-manual-insertion-point\/#primaryimage"},"thumbnailUrl":"","datePublished":"2017-07-03T09:12:28+00:00","breadcrumb":{"@id":"https:\/\/www.intrinsec.com\/burp-extension-scan-manual-insertion-point\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intrinsec.com\/burp-extension-scan-manual-insertion-point\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/burp-extension-scan-manual-insertion-point\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/www.intrinsec.com\/burp-extension-scan-manual-insertion-point\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.intrinsec.com\/"},{"@type":"ListItem","position":2,"name":"Burp extension &quot;Scan manual insertion point&quot;"}]},{"@type":"WebSite","@id":"https:\/\/www.intrinsec.com\/#website","url":"https:\/\/www.intrinsec.com\/","name":"INTRINSEC","description":"Our job is to protect yours.","publisher":{"@id":"https:\/\/www.intrinsec.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intrinsec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.intrinsec.com\/#organization","name":"INTRINSEC","alternateName":"ISEC","url":"https:\/\/www.intrinsec.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","contentUrl":"https:\/\/www.intrinsec.com\/wp-content\/uploads\/2025\/02\/libellule.png","width":1322,"height":1322,"caption":"INTRINSEC"},"image":{"@id":"https:\/\/www.intrinsec.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Intrinsec","https:\/\/fr.linkedin.com\/company\/intrinsec","https:\/\/www.youtube.com\/channel\/UC0trUZAHNZOUbxYnNdecM4A"],"description":"Intrinsec, a consulting firm and pure-play French and European cybersecurity provider for over 30 years, specializes in offensive security and auditing (penetration testing\/red teams), GRC, and IMSS services such as SOC, CTI, and CERT. Intrinsec is qualified at PASSI High, PRIS High, and PACS levels by ANSSI.","email":"contact@intrinsec.com"},{"@type":"Person","@id":"https:\/\/www.intrinsec.com\/#\/schema\/person\/ade590fbc7ad6f413727bae7cd3fb799","name":"Intrinsic","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fde6ed961c7078765b03a213927b5c4001b1cef4787255188f5b502a99e6ddd6?s=96&d=retro&r=g","caption":"Intrinsec"},"sameAs":["https:\/\/www.intrinsec.com"],"url":"https:\/\/www.intrinsec.com\/en\/author\/ufhtbqccsz\/"}]}},"_links":{"self":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/3178","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/comments?post=3178"}],"version-history":[{"count":0,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/posts\/3178\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/media?parent=3178"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/categories?post=3178"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intrinsec.com\/en\/wp-json\/wp\/v2\/tags?post=3178"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}