by SCHiM
3457 days ago
I found Burp's active scanning feature in the Pro version insanely valuable. So far it has found blind SQL injections, numerous XSS vulns, command injection and even XXE. I think it's very hard to script such a comprehensive feature into mitmproxy (that is, Burp Pro with Collaborator servers). Still, if you're comparing the free version of Burp with mitmproxy, they do seem very similar. I wouldn't know for sure since I've never used mitmproxy.
For software developers doing routine integration-test security checks, I think there's probably a lot of value in the scanner. For professional testers, though, I think the scanner does more harm than good: if it's routinely spotting things you don't spot manually, you should revise your technique.