Selection: Choose for now.
A "Confirm Delete" button requires a CSRF token. Burp submits a random token, gets 403 Forbidden, and marks it as "Not Vulnerable." Use the Extension "CSRF Scanner" or configure a macro to fetch a fresh token before each scan request. burp suite scanner tutorial
: Testers choose between "Scan" (crawling and auditing) or "Crawl" only. For complex environments, users can upload API definitions or configure authenticated scanning Selection: Choose for now
First, Burp will . You will see nodes appearing in the Target map. gets 403 Forbidden