The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Found 250 posts in 241 threads

How can I "Observe that the response contains your role ID."

server response, for me, contains the following JSON: { "username": "wiener", "email": "test@hotmail.com I can then resend the POST request with the following JSON included in the body: {"email":"test@hotmail.com

Last updated: Feb 02, 2020 06:44AM UTC | 3 Agent replies | 4 Community replies | How do I?

Get the Free Community Burp Suite Software to Run

chr892@hotmail.com

Last updated: Dec 07, 2020 08:47AM UTC | 1 Agent replies | 0 Community replies | How do I?

my burp suite profsional desnt

omanrich87@hotmail.com

Last updated: Oct 19, 2020 07:31AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: CSRF where token is duplicated in cookie

web-security-academy.net/my-account/change-email" method="POST"> <input type="hidden" name="email" value="test2@hotmail.com

Last updated: May 27, 2024 08:52AM UTC | 1 Agent replies | 1 Community replies | How do I?

CI/CD API scan using REST API (native API)

Want to know how can that be achieved using the Burp's native API.

Last updated: Apr 18, 2023 06:48AM UTC | 1 Agent replies | 0 Community replies | How do I?

AWS API

Would it be best to create an API for the http requests coming from the web application?

Last updated: Aug 09, 2022 08:30AM UTC | 2 Agent replies | 1 Community replies | How do I?

API Scanning

Hi Team, I am unable to find configurations for API scanning I think its not available for trial version

Last updated: Dec 07, 2020 02:17PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Spider api

burpsuite extension, I want to know if the spider crawl is complete and whether there is a relevant api Whether burpsuite should add more api

Last updated: Dec 29, 2020 02:28PM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

API Testing

Hi, I will need your help.I have a project that has to do with API pentest. How can Burp help me? I was given a url and token for the API . How can I connect to the API and test for vulnerability? Urgent please! Thank you

Last updated: Mar 22, 2021 04:46AM UTC | 1 Agent replies | 1 Community replies | How do I?

Burp Extender API and Montoya API

What is the different between Burp Extender API and Montoya API? Can I use Burp Extender API from Montoyal API ?

Last updated: Aug 28, 2023 09:08AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp API

I want to automate BurpSuite scans using burp's REST API (https://portswigger.net/blog/burps-new-rest-api

Last updated: Nov 12, 2019 08:27AM UTC | 1 Agent replies | 1 Community replies | How do I?

API scan

How do Perform API's from Burp.

Last updated: Jan 21, 2021 08:13AM UTC | 3 Agent replies | 2 Community replies | How do I?

REST API

Hey Burp Team, having some issues with how the Burp Suite Enterprise Edition REST API functions. However, my team sets up the site in BSEE either through the dashboard or using the GraphQL API endpoint To have the REST API match the preconfigured site, the list of URLs and the site name must be exactly Is there a roadmap to have the REST API endpoint optionally use the site ID to request a new scan? Or move that functionality to the GraphQL API, which already leans into the ID functionality?

Last updated: Apr 23, 2021 10:20AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

API PENTEST

While I am doing the rest api pentest, I manually enter the available variables from excel each time or do you have easier method for rest api pentest? I think I explained it complicated. POST /api/{variable1}?

Last updated: Dec 20, 2022 02:03PM UTC | 1 Agent replies | 0 Community replies | How do I?

API Scans

I trying to scan API in my environment, and I have a question.

Last updated: Sep 25, 2024 01:06PM UTC | 1 Agent replies | 0 Community replies | How do I?

WebSocket API

I'm dealing more and more with websockets: is there _any_ way to modify requests on the fly? I'm not afraid of writing a custom extension or fiddle with scripting my own tools. FWIW, if you provide some guidance, I could...

Last updated: Jul 06, 2023 08:29AM UTC | 9 Agent replies | 11 Community replies | Burp Extensions

Burp API Useage

How Do I stop the scanner from running through API calls? the spider but nothing to indicate if it has finished spidering or if it can be stopped through the api

Last updated: Sep 05, 2016 08:55AM UTC | 2 Agent replies | 2 Community replies | How do I?

Websockets API support

I'm running into wss more as we see the shift towards single page, media rich applications. As such, I often find the need to implement custom deserialization of binary websockets messages. It would be helpful if I could...

Last updated: Dec 14, 2020 09:32AM UTC | 5 Agent replies | 17 Community replies | Feature Requests

Rest API Scanning

Is there an anticipated timeline available for api scanning feature to be available in BurpSuite Enterprise

Last updated: Nov 20, 2020 08:37AM UTC | 4 Agent replies | 2 Community replies | Feature Requests

Testing Rest API

How API is verified by Burp as there exist a vulnerability or not?

Last updated: Mar 07, 2023 11:09AM UTC | 1 Agent replies | 0 Community replies | How do I?

API extensions

Hi, I wrote an extension some time ago, but abandoned it due to missing API functionality.

Last updated: Oct 06, 2017 01:52PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

graphQL API

I maybe doing things the wrong way but I am trying to get all issues type of all scans with the API

Last updated: Jul 23, 2020 02:59PM UTC | 3 Agent replies | 1 Community replies | How do I?

API query

Hi, I have lots of powershell scripts calling the api (Graphql) and don't seem to see a way of linking https://portswigger.net/burp/extensibility/enterprise/graphql-api/SiteTree.html Any help would be

Last updated: Feb 11, 2021 09:03AM UTC | 1 Agent replies | 0 Community replies | How do I?

REST API Functionality

Hi , I have been using the Burp Suite Enterprise Edition REST API. Is there any API or possible way of accruing the SCAN ID by passing the projectname or sitename that If not, can you help me figure how to get the SCAN ID from Jenkins and use it in the POST api for getting

Do you have any API ,other than the three mentioned in the API Documentation?

Last updated: Apr 19, 2021 10:22AM UTC | 3 Agent replies | 3 Community replies | How do I?

Montoya API enums

Hi, I was wondering if you could change the Montoya API enum classes. Therefore, the entire API relies on something that is final and can't be extended.

Last updated: Aug 24, 2023 01:04PM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Authenticated API Scan

How can I perform an authenticated API scan using the new API scanning functionality?

Last updated: Apr 12, 2024 09:05AM UTC | 1 Agent replies | 0 Community replies | How do I?

REST API Scanning

There seems to be no way to change these values to be more relevant to the API being tested, and adding configure the scanner to remove parameters from the scan; *** Above all else, this is the issue that makes API scanning next to useless as it currently stands*** 2) Some API requests are automatically deselected

Last updated: Aug 01, 2024 02:47PM UTC | 1 Agent replies | 0 Community replies | How do I?

Scope manipulation API

Is there a way to use these or any other API call to perform actions like those available on the GUI,

Last updated: Jan 22, 2019 10:37AM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Using GraphQL API

I'm getting "unauthorized" message when using GraphQL API with Postman. I'm using a valid API Key, but apparently, I'm not configuring it properly. Could please let me know how to use API key on authorization header using Postman (or curl or httpie)

Last updated: May 27, 2020 07:15AM UTC | 2 Agent replies | 1 Community replies | How do I?

API Integration Options

Hi, I am currently evaluating the BS Enterprise Edition and have some questions about the various API After looking at the GraphQL API, it seems very well documented and supported, however, I don't see the Or is that something I can only do through the REST API and/or CI driver? (b) Does the CI driver provide the same query operations that the GraphQL API offers, or does it only support the same 3 operations that the REST API supports?

Last updated: Oct 15, 2021 10:32AM UTC | 2 Agent replies | 1 Community replies | How do I?

call graphql api

Hi dear, I wanted to call graphql api, but I have a problem in my code, I use .net 6.0. When I called the api from PostMan everything's are OK, but when I call it from my code the response

Last updated: Jan 18, 2022 09:45AM UTC | 2 Agent replies | 1 Community replies | How do I?

modifications visible in the proxy

Please see the API documentation: https://portswigger.net/burp/extender/api/burp/IInterceptedProxyMessage.html

Last updated: Jan 24, 2017 03:30PM UTC | 3 Agent replies | 2 Community replies | How do I?

content discovery API access?

agent's response: "There isn’t currently any way to use Burp’s own Content Discovery feature via the API

Last updated: Jan 28, 2020 08:49AM UTC | 3 Agent replies | 2 Community replies | Feature Requests

Provision for API testing

Is there any provision for API Testing in Burp ?

Can u test SOAP / REST API using Burp suite only ?

Can we test SOAP / REST API using Burp suite only ?

Last updated: Nov 03, 2017 09:08AM UTC | 2 Agent replies | 2 Community replies | How do I?

Audit a REST API

There's a way to audit a rest API with Burp enterprise using the swagger file like with OpenAPI Parser

Last updated: Feb 19, 2020 01:45PM UTC | 1 Agent replies | 0 Community replies | How do I?

Extending REST API functionality

would are now developing some web interface in which we can feed urls and send them to to Burp REST API We think that the API should and needs to be extended for better functionality like adding the following

Last updated: Jun 17, 2020 08:07AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

BurpSuite Pro REST API

is it possible to use the GET /SCAN/[task_id] to obtain information on a running "live audit". id like to know details like how many requests it is making currently, how many queued, how many issues found etc. i can see...

Last updated: Jul 01, 2021 11:20AM UTC | 3 Agent replies | 2 Community replies | How do I?

Finding Sensitive API Keys

While reviewing a site, I noticed that some API keys, including NREUM and Bootstrap are exposed. How do I know if this exposed information is critical enough to report (Any suggestions on general API

Last updated: Nov 01, 2022 08:35AM UTC | 1 Agent replies | 0 Community replies | How do I?

Extender API broken link

Download the Burp Extender interface files" but that points to https://portswigger.net/burp/extender/api

Last updated: Oct 20, 2015 08:50AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Burp Enterprise API scan

Hi, I just wanted to know whether Burp enterprise has API scanning facility ?

Last updated: Nov 28, 2023 02:28PM UTC | 2 Agent replies | 2 Community replies | How do I?

Extension API for WebSocket

Are these kind of API currently in your Roadmap? Thank you! Federico

Last updated: Jan 04, 2023 02:34PM UTC | 4 Agent replies | 3 Community replies | Feature Requests

Burp Suite Pro - API

Hi, Is it possible to make use of API to perform some tasks with the Burp Suite Pro?

Last updated: Dec 19, 2022 08:59AM UTC | 3 Agent replies | 4 Community replies | How do I?

problem with API scanning

Burp Suite Professional still can't crawl the API endpoint on my target site.

Last updated: Mar 15, 2023 10:28AM UTC | 1 Agent replies | 0 Community replies | How do I?

API scanning using dastardly

I am unable to scan api endpoint using api defination. :13.0237514Z 2023-08-20 12:50:13 INFO dastardly.EventLogPrinter - Aug 20 2023 12:50:10 DEBUG Found API

Last updated: Aug 21, 2023 08:09AM UTC | 1 Agent replies | 0 Community replies | How do I?

Extender API Parameters

https://portswigger.net/burp/extender/api/allclasses-noframe.html

Last updated: Jan 03, 2017 10:19AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Call GraphQL API

I'm having trouble calling GraphQL API on our Enterprise BurpSuite server. For example, our burpsuite enterprise URL is http://<BURPURL> I tried calling ScanReport GraphQL API via Postman as follows: Endpoint: http://<BURPURL> Headers: "Authorization:<API KEY MY ADMIN SENT

Last updated: Jun 18, 2020 07:54PM UTC | 1 Agent replies | 3 Community replies | How do I?

Montoya API NoSuchMethodError

MenuItem.basicMenuItem("# of added columns"); I'm using last version of Burp Professional and last version of Montoya API

Last updated: Jun 08, 2023 03:26PM UTC | 5 Agent replies | 5 Community replies | Bug Reports

Can We Implement a "Create New Group" API to the Montoya API?

I'm currently working on a Burp extension that uses the Montoya API. requests to the Burp Repeater, and it would be great if I could create a new tab group using the Montoya API Do you have any plans to extend the Montoya API in the near future?

Last updated: Sep 23, 2024 12:22PM UTC | 3 Agent replies | 2 Community replies | Burp Extensions

rest api document inquiry

Is there a rest api for automation? If it exists, please provide api documentation or link.

Last updated: Mar 17, 2020 10:55AM UTC | 1 Agent replies | 0 Community replies | How do I?

Crawler API for Burp

I am looking at https://portswigger.net/burp/extender/api/, but only find doActiveScan and doPassiveScan Does Burp Extender API have a way to configure crawler and start it?

Last updated: Aug 30, 2023 01:28PM UTC | 4 Agent replies | 3 Community replies | How do I?

API Rest BURP PRO

We are automating the scan of launch URLs from the API point and we noticed the following behavior. 1 - launch scan API curl -vgw "\n" -X POST 'http://XXX.xxx.xxx.xx:91/APIKEY/v0.1/scan' -d '{"urls"

Last updated: Dec 06, 2022 12:21PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Burp API Hostname Resolution

James Kettle mentioned that the extension uses the burp API and does not explicitly do a hostname check

Last updated: Nov 17, 2022 02:30PM UTC | 2 Agent replies | 2 Community replies | Burp Extensions

REST API - Crawl Only

Hi Burp Team, I would like two additional REST API endpoints that support crawl only functionality

Last updated: Oct 02, 2020 09:10AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Initiating scans through API

Hi, Every scan initiated via Burp's API initiates a crawling and auditing stage.

Last updated: Oct 07, 2019 01:43PM UTC | 2 Agent replies | 1 Community replies | How do I?

Burp REST API scanning

Hello, Is there a way to use Burp PRO's REST API to scan all URLs in an existing sitemap?

Last updated: Jan 15, 2021 09:28AM UTC | 5 Agent replies | 4 Community replies | How do I?

Regarding Rest API working

are available for use and also we are trying to setup scan scheduling and adding sites using REST API

Last updated: Sep 01, 2020 01:44PM UTC | 1 Agent replies | 0 Community replies | How do I?

Testing WEB API connection

HELLO DEARS, I need to test an authenticated WEB API, through a header "AUTORIZATION" + <STRING OF 30 So, how could I configure the authorization code so that the API can be tested?

Last updated: Jul 21, 2021 08:02AM UTC | 1 Agent replies | 0 Community replies | How do I?

API Rest withou GUI

have installed burp PRO on an Ubuntu server I didn't find a way to include a key to access the REST Api with GUI access and tried to use the UserConfigPro.json file on the Ubuntu server, without success the api

Last updated: Jan 11, 2022 08:25AM UTC | 1 Agent replies | 1 Community replies | How do I?

No API key provided

I'm trying to use the browser in burp suite but I'm getting this error: {"apiKey":"no api key provided

Last updated: Nov 03, 2023 09:00AM UTC | 2 Agent replies | 1 Community replies | How do I?

v2.0.x Extender API iScanQueueItem.getPercentageComplete() does not work

While testing https://github.com/vmware/burp-rest-api/, we realized that there is a bug in the Burp Extender API iScanQueueItem.getPercentageComplete() for Burp Professional v2.x (beta). Please see https://github.com/vmware/burp-rest-api/issues/80 for the original bug.

You can browse the API documentation at [Service URL]/[API key]. - https://portswigger.net/blog/burps-new-rest-api

I am talking about the ***Extender API*** https://portswigger.net/burp/extender/api/index.html Is there a Javadoc of the new Extender API since it's not 100% compatible with previous versions?

Last updated: Dec 13, 2018 11:21AM UTC | 4 Agent replies | 3 Community replies | Bug Reports

Extender API JavaDoc is Down

Hello, The Burp Extender API JavaDoc link (https://portswigger.net/burp/extender/api/index.html) currently

Last updated: Jul 10, 2015 05:08PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Get Spider Status thru API

I don't think, there is a way we can get the status of Spider tool thru API.

Last updated: Mar 16, 2018 03:31AM UTC | 2 Agent replies | 1 Community replies | How do I?

API documentation for evidence types

Hi, I'm trying to write a script that can parse the json output of a scan from the rest API (Professional

Last updated: Dec 15, 2020 03:13PM UTC | 3 Agent replies | 2 Community replies | How do I?

Scan API with BurpSuite Pro

Hi, How i can scan an API with the Pro edition?

Last updated: Mar 18, 2021 12:19PM UTC | 1 Agent replies | 1 Community replies | How do I?

Turn on REST API headless

Hey, I am using the latest version of Burp Pro (jar) and I would like to use the API. I need to turn on the API and make an API key while headless. I tried to run the same jar on a machine that has a GUI and enabling the API there and created an API it looks kinda like this: { "user_options":{ "misc":{ "api":{ When performing running Burp this way on the machine that does have a GUI (and where the API is already

Last updated: Oct 01, 2021 07:59AM UTC | 1 Agent replies | 2 Community replies | How do I?

API Scanning with Burp Enterprise

Hello, I would like to scan APIs with Burp Enterprise. I have the relevant OpenAPI specs as files (JSON or YAML). However, it is unclear how I can leverage them to configure my scans, and I cannot find a clear...

Last updated: Oct 31, 2022 11:28AM UTC | 2 Agent replies | 1 Community replies | How do I?

SQLMap API is NOT running

I'm trying to use the SQLiPy extension but Burp won't recognize that the API is running. When I try to start the API through the interface, nothing happens. When I start the API through the CLI with "python sqlmapapi.py -s -H 127.0.0.1 -p 9090" it successfully runs but Burpsuite still says that the API is NOT running.

Last updated: Nov 23, 2022 08:07AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Hidden API for IHttpRequestResponse objects?

Hello, I found a suprising behavior in the Extender API (using Jython). Given the API documentation (both online http://portswigger.net/burp/extender/api/burp/IHttpRequestResponse.html

Last updated: Apr 14, 2015 09:30AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Stop scanning form API call

Hi, Is there any API to stop scanning and start scanning.

Last updated: Aug 24, 2016 08:48AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Burp REST API - capturing traffic

Hi, in my experience, launching an active scan on valid dataset from Proxy is the best approach. We have regular releases, triggering test packs for changed functionality which can be routed through Burp Suite. So far, we...

Last updated: Sep 26, 2018 01:22PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Scanning application - Angular 11 (frontend) and Spring Boot (backend)

My API is token secured (). Can Burp Suite scan a secured API?

Last updated: Jun 22, 2021 08:27AM UTC | 3 Agent replies | 2 Community replies | How do I?

Collaborator Token definition & "API" Access

Provide an official "API" to access the collaborator subdomains (Like the "Poll now", but also for a

Last updated: Jan 06, 2022 06:15PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Creating Folder using GraphQL Api

I'm having a trouble creating a folder using the graphql api, I'm using the following query : mutation

Last updated: Jun 01, 2022 10:03AM UTC | 1 Agent replies | 1 Community replies | How do I?

Can't Access Extensibility API documentation

I can open https://portswigger.net/burp/extender/api/index.html but whichever link I click on this page

Last updated: Jun 16, 2022 09:51AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Sending Request using Montoya API

Hi Guys, Sending requests using the Montoya API based on examples is to use the following : `

Last updated: Jan 08, 2024 03:25PM UTC | 3 Agent replies | 4 Community replies | Burp Extensions

REST API - OAuth 2.0

How do I capture the OAuth 2.0 information when performing the REST API security testing in Enterprise

Last updated: Dec 31, 2021 10:18AM UTC | 1 Agent replies | 0 Community replies | How do I?

Test a REST API

Hi Team simple question how to test rest API in burp.There is any way step how to test it in Burp.?

Last updated: Mar 22, 2023 11:05AM UTC | 2 Agent replies | 1 Community replies | How do I?

SWAGGER FOR API INTEGRATION

Hello everyone, We are integrating Burp Enterprise with our Jira. Where can I find Swagger's path so we can analyze it? Best Regards,

Last updated: Dec 06, 2023 01:31PM UTC | 1 Agent replies | 0 Community replies | How do I?

reset progress of api

hello portswigger team reset my progress of api testing

Last updated: May 01, 2024 07:08AM UTC | 1 Agent replies | 0 Community replies | How do I?

Montoya API Scanner Examples

I'm trying to build an extension that reads results from the BurpSuite Pro scanner using the Montoya API

Last updated: Jun 05, 2024 12:34PM UTC | 2 Agent replies | 2 Community replies | Burp Extensions

Expose class/method/functions of burp extension via rest api in python

The VMware REST API exposes the Extender API functionality at a web endpoint. You can find the Extender API documentation online here: https://portswigger.net/burp/extender/api/

Last updated: Jul 15, 2022 09:43AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Burp-Enterprise REST-API: Creating a Folder,Sub-folders and Site through REST-API endpoints.

Hi, I was looking for REST-API endpoints to create a Folder, Sub-folders and new site.

Last updated: Nov 20, 2020 08:47AM UTC | 3 Agent replies | 1 Community replies | Bug Reports

Burp-Enterprise REST-API: Creating a Folder,Sub-folders and Site through REST-API endpoints.

Hi, I was looking for REST-API endpoints to create a Folder, Sub-folders and new site.

Last updated: Apr 15, 2020 05:49AM UTC | 0 Agent replies | 0 Community replies | How do I?

API Support for repeater & Sequencer

http://forum.portswigger.net/thread/1117/api-sequencer As per your response for API support for Sequencer On a Similar note, do you have a roadmap to support the the 'Go' action in BURP API?

Last updated: Oct 30, 2015 01:11PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Resume the Scanner thru API

understanding is, even though Spider is paused, it starts running upon calling sendToSpider() method from API

Last updated: Aug 03, 2016 05:29PM UTC | 2 Agent replies | 2 Community replies | How do I?

Burp API Javadoc not accessible

I noticed that the javadoc for the Burp API is no longer accessible. https://portswigger.net/burp/extender/api/

Last updated: Oct 15, 2018 07:07AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Burp new rest api feature

Hi, I am trying to use rest api feature on my professional.

Last updated: Oct 25, 2018 10:24AM UTC | 1 Agent replies | 0 Community replies | How do I?

BURP api is not working

Hi Team, I have generated api key and keeping http://127.0.0.1:1337 service running in useroption http://127.0.0.1:1337/v0.1/ it is working fine but When i am trying to http://127.0.0.1:1337/<your API

Last updated: Jun 21, 2022 12:48PM UTC | 1 Agent replies | 0 Community replies | How do I?

Montoya API Burp HTTP Request

Usually, I would use a PrintWriter, but how can I do this with this API?

Last updated: Jan 20, 2023 04:02PM UTC | 1 Agent replies | 0 Community replies | How do I?

how to Scan API website

Hi Team I want to Scan My API website, but it inform "No valid server URLs found.

Last updated: May 17, 2024 01:40PM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp 2.0 Rest API documentation

Where can I get detailed documentation of the Burp 2.0 Rest API (https://portswigger.net/blog/burps-new-rest-api The above API call do not seem to return any task-id that I can see. supplies the task-id to get the status or results of the scan using the GET '/scan/[task_id: string]' API What does one specify an API key and where to obtain one? Assuming it is not desirable to not enable "Allow access without an API key" setting.

Last updated: Jul 01, 2019 02:45PM UTC | 3 Agent replies | 2 Community replies | How do I?

Burp Pro API Scan Error

We start Burp and REST API Service 2.POST a scan to url "https://example.com" 3.We GET the issues from

Last updated: Jun 29, 2020 08:02AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Enterprise API Custom Configuration Failure

When I create a custom configuration I am unable to use the Custom Configuration with the API to execute The call is "curl -vgw "\n" -x POST 'https://[myburpscanner]:8443/api/[user api key]/v0.1/scan' -d '{

Last updated: Jul 03, 2020 11:32AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Getting scan results from API

The API works nice, besides that I supposed that using API I will be able to get scan results that were

Last updated: Oct 29, 2020 05:24PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

API to get repeater history

Hi, we want API to get repeater history. Though burp API provides proxy history API (getProxyHistory), there is no repeater history API. If there is an API to get repeater history, it is really helpful for us to get the all repeater requests there is a same feature requests in Logger++ extension, but they can't do because there is no burp API

Last updated: Dec 24, 2021 03:15AM UTC | 0 Agent replies | 0 Community replies | Feature Requests

API to get repeater history

Hi, we want API to get repeater history. Though burp API provides proxy history API (getProxyHistory), there is no repeater history API. If there is an API to get repeater history, it is really helpful for us to get the all repeater requests there is a same feature requests in Logger++ extension, but they can't do because there is no burp API

Last updated: Dec 24, 2021 04:00PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Get scope list

I am using java api

Last updated: Sep 12, 2022 09:40PM UTC | 2 Agent replies | 4 Community replies | Burp Extensions

Montoya API - Custom Scanner Check

Thanks for creating a new Burp Extension API, I am testing the new Montoya API to create a plugin with

Last updated: Nov 02, 2022 11:35AM UTC | 2 Agent replies | 3 Community replies | Burp Extensions

Burp Extension/API DOM Checks

When Burp performs DOM-based scanning, is it possible to utilize the API to extend the scanning to identify

Last updated: Jul 17, 2023 01:14PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Python GraphQL API -- No Response

Hey BurpSuite, I've been attempting to test some python code to interact with the GraphQL API and

Last updated: Jan 02, 2024 11:15AM UTC | 3 Agent replies | 2 Community replies | How do I?

Extend API Functionality (Stream Proxy + WebSocket)

Hi, I want to write new extensions for BurpSuite, For one of them i need To Set Stream Proxy (PyMultitor), For the other one i need to see WebSocket Raw Sockets To Show And Fuzz Every Parameter.

Last updated: Sep 26, 2016 08:53AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Extender API for Custom OAST Servers

It would be really handy for testing if PortSwigger could add (or update) an Extender API to allow developers Currently only the generation of payloads and polling is available in the IBurpCollaboratorClientContext API

Last updated: Jul 12, 2022 10:37AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Adding Discovery to the Montoya API

At the moment there's no Montoya API for the functionality I can find. Are Discovery overrides on the current API roadmap?

Last updated: Aug 29, 2023 09:41AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

API Testing using Postman Collection file

Is there any Burp Extension to run API Testing using Postman Collection file?

Last updated: Jun 06, 2024 09:13AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Disable pretty print through Burp Api?

Hello, is there any way to disable pretty print on IMessageEditorTab through Burp Api?

Last updated: Mar 05, 2021 12:02PM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Documentation of the BURP rest API

Hi, We would like to obtain the documentation of the rest API for burp suite pro. example, using the /v0.1/scan endpoint with a URL callback as parameter as described in the enterprise API

Last updated: Jul 16, 2021 09:01AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

burteforce API endpoint that use encoding

Hello, i have request format like this POST /api/login HTTP/1.1 Host: www.domain.com Device_type

Last updated: Jul 05, 2024 03:45PM UTC | 2 Agent replies | 1 Community replies | How do I?

extension to the intruder api

Hi, I was wondering if you guys had any plans to bring an update to the burp-api, containing an extension of the api for the intruder? intruders "request-firing", "response-storing", "grep-extract from response" feature via the extension-api E.g.: I get use an api call to define and start an intruderAttack. Those in turn I can hand over to another api-call which uses the user-defineable "repsonse-patterns"

Last updated: Mar 05, 2018 08:52AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

burp API inside a docker

Hello, I used the api from https://github.com/vmware/burp-rest-api, but i would like to switch to the official burp rest api. can see the port 8080 listening, but the port 1337 is not listening and so i cannot use the burp rest api

Last updated: Jan 27, 2020 08:17AM UTC | 0 Agent replies | 0 Community replies | How do I?

Enterprise REST API False Positives

When a finding is marked as a False Positive in the web ui, it is not updated in the API output. finding marked as False Positive in the web ui but then it is still listed as a valid finding in the API Can the API output be updated to respect the web ui findings? Also, is there a switch for the scan progress API task to include/exclude False Positives like there

Last updated: Feb 05, 2020 08:25AM UTC | 1 Agent replies | 0 Community replies | How do I?

Run consecutive scans from API

Hi, I want to start scans from the API.

Last updated: Jun 02, 2020 08:52AM UTC | 2 Agent replies | 1 Community replies | How do I?

How do I scan API

Is there a way to scan APIs REST or other ?

Last updated: May 27, 2020 01:57PM UTC | 1 Agent replies | 1 Community replies | How do I?

setHTTPService API method appears broken

Hello, I have successfully created an HTTP request as such: httpService = self._helpers.buildHttpService("google.com", 80, False) requestResponse = self._callbacks.makeHttpRequest(httpService, message) When...

Last updated: Jul 26, 2021 11:55AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

GraphQL API GetScan call failing

and I am trying to hit your GetScan (https://portswigger.net/burp/extensibility/enterprise/graphql-api

Last updated: Oct 22, 2021 08:41AM UTC | 1 Agent replies | 1 Community replies | How do I?

HTTP Request using Montoya API

I am trying to issue HTTP requests using the Montoya API with Swing Workers. burpReq2 = new BurpHTTPRequest(http, host, path2); String response2 = burpReq2.call(); With the old API

Last updated: Jan 18, 2023 09:10AM UTC | 0 Agent replies | 1 Community replies | How do I?

SQLMap API is not running!

I'm trying to use the SQLipy extension but I am facing error as SQLMap API is not running. When I try to start the API by clicking on the "Start API", nothing happens.

Last updated: Sep 21, 2023 01:25PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Rest API Internal Server Error

After a system reboot, the REST API suddenly stopped working. I'm using Burp Enterprise. I can still start scans via the GUI, but all the API calls that used to work result in a 500 Internal Also, when I go to localhost:8080/api/[apikey]/v0.1/scan, it gives an Internal Server Error. When I use an invalid api key, it gives an Unahtorized, but with a valid api key, I get this internal I've also tried regenerating the api key, but that didn't solve the problem.

Last updated: Nov 30, 2023 05:11PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

support cli burp-rest-api

I use scanner api in curl commandline. I don't set header and request body. But its no working. I use api /burp/scanner/scans/active scanner. application/json' \ -d '{ "request": { "method": "POST", "url": "https://api.dl10.jp/api username\":\"petabit\",\"password\":\"password\"}" } }' https://github.com/vmware/burp-rest-api

Last updated: Jun 07, 2024 06:48AM UTC | 1 Agent replies | 0 Community replies | How do I?

Expose intercept state for Burp API

I am currently developing a burp extension and would like to be able to check the state of the "Intercept" button in the proxy tab. I am able to turn on/off the interception but am not able to poll the state. Thanks

Last updated: Feb 07, 2018 03:53PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

REST API Scanning Using Burp Enterprise

We understand that burp doesn't handle any authentication such as Oauth, and API key. https://portswigger.net/burp/documentation/desktop/scanning/api-scanning Thanks Ranjith

Last updated: Feb 10, 2022 09:50AM UTC | 3 Agent replies | 2 Community replies | How do I?

How do I perform API scanning?

I have a Backend REST API application that I want to scan. I am following the steps in https://portswigger.net/burp/documentation/desktop/automated-scanning/api-scans It says "To run an API scan, click New scan > API scan on the Dashboard." When I click on "New scan" on the dashboard, I do not see the "API scan" option at all.

Last updated: Mar 05, 2024 05:19PM UTC | 1 Agent replies | 0 Community replies | How do I?

Montoya API to list installed extensions?

Is there an api / method to list all installed extensions and their file locations? Thanks!

There is not a specific API for this in the Montoya API.

Last updated: Jun 05, 2024 09:17AM UTC | 1 Agent replies | 0 Community replies | How do I?

Montoya API Burp Extension Identifying Help

Is there a way or API class/method that I can turn this off when running my Extension? can't seem to find any documentation on it via - https://portswigger.github.io/burp-extensions-montoya-api

Last updated: Oct 29, 2024 11:50AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Save Project File with BURP API

Is it possible to do this through the BURP API?

Last updated: Nov 08, 2017 04:43PM UTC | 2 Agent replies | 2 Community replies | How do I?

Restrict Sites on Burp Enterprise API

Name (top) - Site 1 - Site 2 Group 2 Name (top) - Site 1 - SIte 2 Yet when I call the API to run the scan using their API key, I constantly get a 401.

Last updated: Mar 26, 2019 10:03AM UTC | 1 Agent replies | 0 Community replies | How do I?

Scan POST Parameter with REST API

Hi, I am currently testing the REST API of the Burpsuite Pro and trying to scan POST parameters.

Last updated: Nov 26, 2019 09:40AM UTC | 1 Agent replies | 0 Community replies | How do I?

Calling Burp GraphQL API on python

Hello, I seem to be having trouble making a simple query on the Burp Suite Enterprise GraphQL API. ============================= burpEndpoint = '<Enterprise_server_url>/api/graphql/v1' apiToken =

Last updated: Dec 08, 2020 09:57AM UTC | 2 Agent replies | 1 Community replies | How do I?

Burp Extender API IContextMenuInvocation wrong Data

Hi There With the latest Version of Burp (2021.3.1) we have following issue: The IContextMenuInvocation Object passed to the createMenuItems Method of a IContextMenuFactory class holds the wrong request Object with...

Last updated: Mar 25, 2021 03:32PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

how do i intercept API response

Hi, I am quite new to Burp I am trying to intercept API response could see reponse on encrypted

Last updated: Jan 13, 2022 09:21AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Extension API - list available proxy interfaces

Will there be an interface built soon for the Burp API makes the proxy interfaces public?

Last updated: Mar 14, 2016 09:06AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Burp Rest API - Launch a simple crawling

Hey.. i'm trying to start a simple crawl WITHOUT AUDIT CHECKS. I've saved my crawl config in the Configuration Library named as crawling_1, then.. curl -vgw "\n" -X POST 'http://127.0.0.1:1337/xxxxxxx/v0.1/scan' -d...

Last updated: Aug 21, 2023 01:50PM UTC | 2 Agent replies | 2 Community replies | How do I?

Automated Scan and Auditing of REST API

endpoints we have needs to be provided with 2-4 headers) and invoke this scan using the native rest API [because we did not find any way to configure any session rules via burps native rest API even if some

Last updated: Nov 29, 2021 04:22PM UTC | 1 Agent replies | 0 Community replies | How do I?

API Scan Parameters - changing the generated values

Hello I'm testing out the new API Scan functionality in the latest Burp Pro release and after converting my authentication information (Bearer token) via the UI and I can see the Parameters for the various API Is there a way to edit the Parameters when setting up a "New API scan" via the "API details" -> Parameters

Last updated: Jun 11, 2024 10:34AM UTC | 2 Agent replies | 1 Community replies | How do I?

Timings for Request/Responses

This information isn't currently available via the API, sorry. When we next update the API in general, we will look into providing this information for all requests

Last updated: Jan 01, 2017 07:16PM UTC | 2 Agent replies | 2 Community replies | How do I?

how to send api request to burp to do repeater or intruder request once via api

Hello sorry for the bother, i have wrote extension to send api request to burp to scan url but can't

Last updated: Aug 30, 2023 12:11PM UTC | 2 Agent replies | 1 Community replies | How do I?

How do I export reports from Burp Enterprise?

There is no api on <http://host:port/api/apikey> that extract Html report for burp enterprise.

Last updated: Jun 25, 2020 07:12AM UTC | 3 Agent replies | 2 Community replies | How do I?

More Burp 2 Beta API Key Issues

When "Allow access without API key" is enabled if an invalid API key is used the API does not return For example if a valid API key is "valid" and the API key "test" does not exist: GET http://127.0.0.1 GET http://127.0.0.1:1337/test/v0.1/knowledge_base/issue_definitions will return: 400 "Invalid API version" it should return: 401 "Unauthorized" If the "Allow access without an API key" option is disabled the API will return: 401 "Unauthorized" for bad keys as expected.

Last updated: Sep 26, 2019 06:25PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Rest API scan bug when reopening project..

Hello, I'm launching the scan through the Rest API perfectly and I am able to use the endpoint /v0.1 But when I close and reopen the burp/project, API stills working but now /v0.1/scan/3 returns {"type"

Last updated: Oct 02, 2020 09:14AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Scan API with Burp Suite Pro v2021.3.1

Hi, I saw this post (https://portswigger.net/blog/api-scanning-with-burp-suite) where it mentioned I've tried OpenAPIParser where I can import an OpenAPI file and send the API collection to the Target

Last updated: Apr 12, 2021 08:47AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp suite enterprise API to download report

We are using burp enterprise and would like to know the option to export scan report using an API. Please help us to provide API details to use extract report.

Last updated: Sep 01, 2021 09:56AM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Error while sending request via Montoya API

Hi there, I am trying to send a request with the method sendRequest(); String body = "GET /vdp/helloworld HTTP/1.1\n" + "Host: sandbox.api.visa.com\n" + ...

Last updated: Mar 02, 2023 03:35PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

API Scanning via Burp Suite Enterprise Cloud

Wondering about the API scanning abilities for Burp Suite Enterprise Cloud. I see that sometime this year, "You’ll also be able to upload and scan API specifications with authentication

Last updated: May 17, 2024 03:29PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

How do I automate Active Scanning

This API will do what you need: https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallbacks.html

Last updated: Nov 29, 2016 09:53AM UTC | 1 Agent replies | 0 Community replies | How do I?

API proxy show as edited request

Using the "processHttpMessage" method I'm able to edit a request. How can I make this changed request show up in the proxy as an edited request (just like when a request is edited with proxy intercept)?

Last updated: Jan 23, 2018 11:19AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Regarding REST API and Community Edition

Hello Support, If we upgrade to Burp Suite Professional 2.0 will we be able to access REST APIs or do we need to pay for that service. Also what is the difference between Professional and community Edition apart from...

Last updated: Aug 30, 2018 01:22PM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp 2 Beta API key issues

When the Burp 2 REST API is enabled and the "Allow access without an API key" option is enabled and there is an API key added it is not possible to use the API key to make API calls. For example this: http://127.0.0.1:1337/<api key>/v0.1/ will give me an "Invalid API version" error What I expect to happen is that the API keys that exist should work and I can also call the APIs without

Last updated: Dec 06, 2018 02:15PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

API to download Burp Suite Enterprise

Hi, Have you a API for download a relese of Burp Suite?

Last updated: Feb 28, 2020 08:54AM UTC | 2 Agent replies | 1 Community replies | How do I?

What is the GraphQL API endpoint

Hello Support, What is the GraphQL API endpoint for BurpSuite Enterprise?

Last updated: May 01, 2020 10:10AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Enterprise Report export using Api

How do I download a latest scan report using a grapql api Without using the scan I'd.

Last updated: Aug 19, 2021 09:12AM UTC | 4 Agent replies | 3 Community replies | How do I?

Issue_events not working in burp API

Hi Team, Why i am not getting any data in issue events? Below is the response of CURL command (curl -vgw "\n" -X GET 'http://ipadd/myapikey/v0.1/scan/41' ) which i am using to get the scan results: { "task_id":...

Last updated: Jul 21, 2022 03:19PM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Suite Enterprise REST API Scanning

Hi, We are attempting to use Enterprise's REST API Scanning feature. least have a "forced" mode, where the OpenAPI discovery occurs and the scan is done even if the REST API What is the timeline/roadmap for fully supporting Rest API scanning without limitations?

Last updated: Oct 19, 2022 12:28PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Creating new WebSocket via Montoya API?

Hello, I am excited to see the Montoya API now adds support for WebSockets and I am trying to create Is it possible to do this using the new API or is this limited to WebSockets opened through the proxy

Last updated: Mar 14, 2023 04:06PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Handling multipart requests with Montoya API

Is there an example of how to handle multipart parameters in Montoya API?

Last updated: Sep 08, 2023 04:08PM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

burp command line

I using the burp-rest-api (from https://github.com/vmware/burp-rest-api) in centOS server and set http_proxy such as when I set proxy and use "git clone https://github.com/vmware/burp-rest-api" it shows: Peer's

Last updated: Oct 10, 2019 09:59AM UTC | 9 Agent replies | 8 Community replies | Burp Extensions

Scan Configuration

I have looked at the Rest API and It has scan submission API(post) with scan configuration.But I'm looking byte[] request, java.util.List<int[]> insertionPointOffsets)) which seems not possible through Rest API

Last updated: May 18, 2023 03:57PM UTC | 10 Agent replies | 11 Community replies | Burp Extensions

Burp 2 send base request

This isn't possible through the REST API at present. It is possible through the Extender API, using callbacks.doActiveScan.

Last updated: Sep 21, 2018 02:56PM UTC | 1 Agent replies | 0 Community replies | How do I?

Identify scanning threads using the Extender API

If so, can I manage the creation of these threads using the API? Any insight/help is appreciated.

Last updated: Jul 20, 2016 08:14AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp 2.0 beta scan_status REST API issue

I created a new scan through the new REST API and then checked the status after the scan was complete The task in the dashboard says 'Finished' with eight requests and eight errors but the REST API returns

Last updated: Sep 06, 2018 03:05PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Need help with new Burp REST API

How to initiate a scan with burp REST API for "Audit Selected Items".

Last updated: Sep 25, 2018 08:13AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp XML Parser Functionality in Extender API

from the proprietary XML parser could be added to the IExtensionHelpers class in the Burp Extender API

Last updated: Dec 02, 2019 11:21AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Active scan on API with HTTP/2

Is there any way to perform active scans on an API for a server that uses HTTP2 only?

Last updated: Feb 07, 2023 04:58PM UTC | 1 Agent replies | 0 Community replies | How do I?

Extender API to add additional Decoder algorithms

My feature request is to extend the "Extender API" to support custom "Decoder" algorithms.

Last updated: Sep 08, 2017 03:25PM UTC | 0 Agent replies | 1 Community replies | Feature Requests

Burp 2.0 beta REST API key issue

When creating a new scan with an API key: POST http://127.0.0.1:1337/<key>/v0.1/scan ... It is not possible to retreive the task without the API key if the 'Allow access without API key' option If you create a scan without an API key: POST http://127.0.0.1:1337/v0.1/scan It is not possible to retrieve the task with an API key GET http://127.0.0.1:1337/<key>/v0.1/scan/4 400 Bad request Most likely it comes down to having the API key in the URL and perhaps this is by design but it

Last updated: Sep 04, 2018 05:09PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Active Scan issues in BURP REST API

Hi Team, I tried scanning a web application using Burp. I have used: Audit coverage - thorough Configuration. While entering the scope URLs, in the Advanced Scope category, I have put some URLs in the "include URL...

Last updated: Nov 23, 2022 11:24AM UTC | 6 Agent replies | 4 Community replies | How do I?

API to modify configuration of scanner via extension

It would be very useful to have API to modify the configuration of the scanner via an extension to run

Last updated: Mar 31, 2017 12:43PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Get local path of burp file via API

An API call would be preferred. I wasn't able to find an API call that met this need.

Last updated: Jun 29, 2022 09:01AM UTC | 6 Agent replies | 8 Community replies | Burp Extensions

How to run active scan from burp command line for burp 2.1

Have you tried using the new REST API: - https://portswigger.net/blog/burps-new-rest-api The extension

Last updated: Nov 14, 2019 11:39AM UTC | 1 Agent replies | 0 Community replies | How do I?

Filter requests in Target Sitemap.

Yes, I want to use Burp REST API.

You can find information on the Burp REST API here: https://portswigger.net/blog/burps-new-rest-api

Last updated: Apr 16, 2020 10:57AM UTC | 2 Agent replies | 1 Community replies | How do I?

Using API to run scan against a target

Hi, Im trying to run a scan against a test target. First time i scan, everything is ok. But the second time i scan it, it does not show results. If i run a scan against a different target and again run against first...

Last updated: Dec 03, 2020 08:53AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp API does not include the extension report

Hello everyone, I tried the burp-rest-API on testphp.vulnweb.com but I notice that the API issues report c9fb79369b56407792a7104e3c4352fb I can't find any security issues from this Extention in the burp API /scan/{ID} endpoint but it gives me 2 results from it in the burp UI, is burp API doesn't allow to include

Last updated: Feb 15, 2022 01:08PM UTC | 2 Agent replies | 5 Community replies | How do I?

Burp API does not include the all issues

Hello, I'm trying to scan testphp.vulnweb.com through the Burpsuite REST-API but I notice that the issues results in the API is 165 but in the UI is more than 300

Last updated: Feb 14, 2022 01:17PM UTC | 1 Agent replies | 0 Community replies | How do I?

How do I scan an OpenAPI 3.0 API?

trying to follow the meager information at https://portswigger.net/burp/documentation/desktop/scanning/api-scanning in order to scan a REST API (I have the API definition file on disk). "Note If you prefer, you can disable API scanning by deselecting the Parse API definitions crawl option

Last updated: Dec 18, 2023 03:40PM UTC | 5 Agent replies | 5 Community replies | How do I?

Is there API documention for Burp Suite Professional?

I was able to find APi documentation for Burp Suite Enterprise Edition- can I reference that doc for Or does Burp Suite Pro not have an API?

Last updated: Nov 29, 2022 08:42AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp API Support for Selecting Active Scanning Areas

Hi There, I was looking through the API and I couldn't find support for passing in values for Active openRedirection headerManipulation serverLevelIssues While the GUI allows this, I am unsure if the API

Last updated: Oct 29, 2015 07:13PM UTC | 1 Agent replies | 1 Community replies | How do I?

Update Header in Session Handling/Macros

+1 - Would be very useful for API testing

+1 - Would be very useful for API testing

Last updated: Jun 02, 2021 11:13AM UTC | 4 Agent replies | 9 Community replies | Feature Requests

Enterprise - Generic CI Driver - Expected 101 when negotiating websocket

Yes without the /api/ part resolved my issue.

Last updated: Jun 09, 2023 07:56AM UTC | 2 Agent replies | 2 Community replies | How do I?

Extension API processHttpMessage does not honor set* methods

Hi there, At least version 2020.2.1 broke the processHttpMessage extender API. According to the "processHttpMessage" documentation on https://portswigger.net/burp/extender/api/burp Please please please create UnitTests for the API. _helpers = callbacks.getHelpers() callbacks.setExtensionName("Stop breaking the Extender API ") callbacks.registerHttpListener(self) print("Stop breaking the Extender API!")

Last updated: Mar 26, 2020 08:35AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Do BurpSuite have a API Vulnerability Scanning Feature

I would like know if Burpsuite have a API Vulnerability Scanning feature and on the other does enterprise

Last updated: Jan 18, 2021 03:52PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

[Burp Enterprise GraphQL API] Sort Issues in scans

Hi, I'm working with the Burp Enterprise Graphql API, and I can't figure out how to do proper pagination According to the documentation (https://portswigger.net/burp/extensibility/enterprise/graphql-api/scan.html

Last updated: Apr 15, 2022 12:46PM UTC | 1 Agent replies | 0 Community replies | How do I?

REST API. After Scan: Task ID not found

Hello, Burp Suite Professional 2022.7.1 While accessing the Burp Rest API http://127.0.0.1:1337

Last updated: Aug 04, 2022 05:10PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

MontoyaAPI v2023.12.1 Invalid URL Exception in includeInScope API

Hello, many thanks to your efforts on the cool Montoya API. I'm using a MontoyaAPI v2023.12.1 (net.portswigger.burp.extensions:montoya-api:2023.12.1) with a BurpSuite My custom extension uses Scope.includeInScope API[1] to include some URL in the target scope as below : ```kt api.scope().includeInScope("https://example.com") // where `api` is the argument of `initialize [1] https://portswigger.github.io/burp-extensions-montoya-api/javadoc/burp/api/montoya/scope/Scope.html

Last updated: Jan 09, 2024 03:08PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Initiating API scans using Burp Pro REST APIs

Can anyone help me on how to initiate API scans using Burp Pro REST APIs. Should we pass the API documentation path/location in the URL parameter? When I pass the URL of API documentation in URL field, a scan is triggered but the name of the scan is "Crawl and Audit of ...." , whereas, if i initiate an API scan from the UI the name shown is "API scan

Last updated: Aug 08, 2024 02:12PM UTC | 6 Agent replies | 6 Community replies | How do I?

login fails using Burp - site authenticates another site in azure

The Azure site is an API site

Last updated: May 13, 2019 12:42PM UTC | 2 Agent replies | 2 Community replies | How do I?

Burp Suite Enterprise edition - API endpoint scan

Could you please help me with performing API endpoint scan using Burp Suite Enterprise edition?

Last updated: Feb 24, 2021 09:02AM UTC | 3 Agent replies | 4 Community replies | How do I?

Extender API -- Callback on active scan completed

I can't readily identify a method with the current API to meet my desired goal.

Last updated: Jun 22, 2021 08:52AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

EXTRACT ALL SCANS STATUS IN REST API

Hello everyone, I'm trying to export all scan results through Rest API (ID Scan, URL, Status - When

Last updated: Sep 13, 2022 08:01AM UTC | 1 Agent replies | 1 Community replies | How do I?

Static analysis data exposed through Montoya API

Burp extension, I noticed that data related to static analysis is not accessible using the Montoya API But with the API, I only have access to the first HttpRequestResponse and I cannot retrieve any data Do you plan to expose this data through the API? Thank you in advance.

Last updated: Dec 04, 2023 11:54AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Montoya API: Update HttpHeader in Repeater Tab

Is it possible to change a HttpHeader on the HttpRequestResponse selected via a ContextMenuEvent in a Reapeater tab?

Last updated: Mar 08, 2024 09:15AM UTC | 2 Agent replies | 1 Community replies | How do I?

What are the security test mandatory for webservices (Rest API)

Hi, I want to test my API using Burp suite pro. is there any way to test my API in Burppro.

Last updated: Dec 20, 2018 09:51AM UTC | 7 Agent replies | 6 Community replies | How do I?

API support for controlling from remote automation framework

Hi, I would like to know how Burrp (licensed version) can be controlled using an remote API..

Burp's current API support is for in-process use only, and there isn't a remote/web API, sorry.

Last updated: May 11, 2022 10:02AM UTC | 2 Agent replies | 1 Community replies | How do I?

disable Payload encoding and auto load payloads through API

nice if the payloads get automatically loaded from custom file when invoking sendToIntruder method and API method to disable URL encode these characters through API. Thereby launching the attack through API

Last updated: Apr 25, 2016 03:05AM UTC | 2 Agent replies | 3 Community replies | Feature Requests

replace text in websocket operations

Sorry, no, the API doesn't currently expose WebSockets messages.

Last updated: Jul 12, 2022 08:16AM UTC | 3 Agent replies | 3 Community replies | How do I?

Clear the Scan Queue and Site Map from API

grow over a period of time and there is no option to clear the SiteMap and clear the Scan Queue from API I think, one can clear few items from SiteMap thru UI, but not from API. I hope there is a way to perform these thru API.

Last updated: Jun 23, 2016 08:20AM UTC | 1 Agent replies | 0 Community replies | How do I?

How to scan Rest Api that is using authentication token

There's general information about testing a REST API here: - https://support.portswigger.net/customer /portal/articles/2898216-using-burp-to-test-a-rest-api If you use an API client to generate valid

Last updated: Jul 03, 2023 02:49PM UTC | 6 Agent replies | 4 Community replies | How do I?

Burp Extension to call other extension using Montoya API

Hi, I'm writing a custom logger extension using Montoya API.

Last updated: Aug 13, 2023 03:12PM UTC | 2 Agent replies | 2 Community replies | Burp Extensions

How to see the documentation of rest api

But I want to see the documentation of rest api , how do I do that I tried http://localhost:1337/v0.1 /<key>/api-docs it does not work

Last updated: Feb 05, 2019 10:16AM UTC | 4 Agent replies | 3 Community replies | How do I?

Add custom XSS Payloads in Scanner

Have you integrated Scan check builder through API?

Last updated: Aug 22, 2019 06:15PM UTC | 1 Agent replies | 2 Community replies | How do I?

External links in description fields of API definition

I am trying to scan an API with Burp Suite Enterprise and I'm getting an error: "Skipping API definition Cause Burp Scanner needs to be able to parse an API definition in order to scan it. The API definition in question does have some external links, but only in description fields, e.g.: info: title: SEER*API description: | SEER API is a RESTful Web service that supports various

Last updated: Feb 22, 2023 02:07PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Exploiting an API endpoint using documentation Lab Trouble

I am trying to complete the first exercise in this lab and whenever I try to update the email I get the error - `undefined: Malformed URL: query only supported with GET (undefined)` Is something wrong with my burp...

Last updated: Sep 25, 2024 07:59AM UTC | 1 Agent replies | 0 Community replies | How do I?

Extender API no method to get Issue references

I found https://portswigger.net/burp/extender/api/burp/IScanIssue.html but there is no information regarding

Last updated: Sep 05, 2022 08:54AM UTC | 4 Agent replies | 3 Community replies | How do I?

Burp API - IContextMenuInvocation - Modified request/response access/hinting

In the Burp extender API when retrieving the selected messages from the proxy history, I don't see any

Last updated: Dec 12, 2017 04:35PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

API function to change Response on the fly

But is there a way to do it from plugin API ? I'm looking at potential API https://portswigger.net/Burp/extender/api/burp/IHttpRequestResponse.html

Last updated: Apr 16, 2018 07:16AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Auditing not calling doActiveScan(...) method via Extensibility API

Hi folks, I am currently trying to learn the Burp Extensibility API using this example (in Java);

Last updated: Mar 15, 2019 03:28PM UTC | 4 Agent replies | 4 Community replies | Burp Extensions

REST API. After Scan: Task ID not found

Burp Suite Profesional v2020.8.1 Steps to reproduce: 1. Start Burp Suite Pro 2. Launch new scan in the GUI 3. Poll scan status with HTTP GET https://127.0.0.1:1337/v0.1/$taskID --> Scan status poll fails with HTTP...

Last updated: Sep 25, 2020 12:06PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Burp Enterprise : API Scanning with headers and Body

Hi Team, If i wanted to send a header or body(json) or any parameter with an API to test, Is it Possible

Last updated: Dec 17, 2020 01:22PM UTC | 1 Agent replies | 0 Community replies | How do I?

Automatically starting a preconfigured scan

The REST API fulfills my needs, thank you!

Last updated: Mar 12, 2021 01:28PM UTC | 2 Agent replies | 1 Community replies | How do I?

Getting 401 Unauthorized while using Graphql API call

So, i am using GraphQL API provided for BurpSuite Enterprise. However, to test my API Key and i called both Rest API and GrapghQL API. My API works when calling REST api at webserverURL/api/myapikey. (FYI,I have included my API key using Authorization header in Postman i.e key = api_key and value= ** I tried using POST Request to the graphql Api, which returned 401 unauthorized message.

Last updated: Jun 17, 2021 03:51PM UTC | 2 Agent replies | 2 Community replies | How do I?

Connection Reset / Communication Error - While Intercepting API Response

Hi Team, I'm trying to pentest REST API collection from Postman. intercept Burp Request & Response, Request is successfully intercepted; however while intercepting API When Burp proxy is removed, I'm receiving successful response from API. Please help.

Last updated: Mar 18, 2022 07:04AM UTC | 1 Agent replies | 0 Community replies | How do I?

Are the crawled webpages retrievable through the API ?

testing burp enterprise since a couple of days and I'm suprise I can't retrieve the site map through the API

Last updated: May 23, 2022 11:20AM UTC | 1 Agent replies | 0 Community replies | How do I?

Expose Proxy History Meta Information for Extender API

the meta information (timestamp, IP, etc.) for each request/response interaction from the Extender API Currently, the getProxyHistory() (see https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallbacks.html

Last updated: Jan 16, 2023 09:55AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Crawl.statusMessage in Montoya API is "Not yet implemented"

headless-burp are old and have deprecation issues, I am making my own extension for this with the new Montoya API https://portswigger.github.io/burp-extensions-montoya-api/javadoc/burp/api/montoya/scanner/Crawl.html Is there any workaround for this or is this problem simply impossible with the Montoya API?

Last updated: Mar 25, 2024 04:04PM UTC | 3 Agent replies | 2 Community replies | Burp Extensions

Customize a scan via the Burp Pro API

I want to customize a scan, using burp pro API and run it.

Last updated: Oct 30, 2024 07:58AM UTC | 2 Agent replies | 1 Community replies | How do I?

java.net.socket Exception when configuring intruder through Burp Extender API

multiple HTTP req to intruder with positions marked using sendToIntruder() method in burp Extender API

Last updated: Feb 03, 2015 01:33PM UTC | 1 Agent replies | 0 Community replies | How do I?

How do I send keyboard interrupts like CTRL +R for send to repeater through burp extender API

Can Hotkeys under Misc options be changed using API?

Last updated: Feb 10, 2016 10:55PM UTC | 4 Agent replies | 6 Community replies | How do I?

API to allow for distinguishing traffic requested by Macros

Could the API be adjusted to allow extenders to have the information, if request is coming from Macros

Last updated: Mar 15, 2019 02:18PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

How to update and remove cookies through Burp API

I only saw get methods for cookies, there's no set or remove methods.

Last updated: Apr 18, 2019 09:29AM UTC | 2 Agent replies | 1 Community replies | How do I?

Start a Burp Suite Scan through an API call

Hi, We are trying to do Burp Scan using API (We use BurpSuite Professional).

Last updated: May 16, 2019 02:32PM UTC | 1 Agent replies | 0 Community replies | How do I?

Delete multiple tasks scanning

Would be interesting to delete completed from REST API..

Last updated: Jun 29, 2020 08:42AM UTC | 2 Agent replies | 1 Community replies | How do I?

Automating Burp Pro - docker issues (Activation & REST API availability)

Hi, I'm attempting to automate Burp licensing and run Burp with the REST API in headless mode via a Docker I've also noticed that the REST API does not appear to come online within the container, even after successful 2/ Which method is the intended way to license an automated Burp, and get Burp REST API up within the

Last updated: Sep 28, 2020 12:36PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Extender API: do request/response on behalf of Burp

Hi, is there a way to do request/response on behalf of burp? I see there is the IHttpListener.processHttpMessage that is called on request and on response , but this only seems to adapt the HTTP request/response, but it...

Last updated: Oct 05, 2020 01:59PM UTC | 5 Agent replies | 4 Community replies | How do I?

how to test api security testing using burp suite ?

how to test api security testing using burp suite ? there is any way to automated api testing with burp ?

Last updated: Oct 14, 2022 01:01PM UTC | 1 Agent replies | 0 Community replies | How do I?

Extender API -- How to get a Scan complete flag ?

https://forum.portswigger.net/thread/extender-api-callback-on-active-scan-completed-8dd0bebf

Last updated: Feb 22, 2023 09:22AM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Issue with Lab: Exploiting an API endpoint using documentation

The /api route, which apparently solved the lab, doesn't exist.

Last updated: Jul 03, 2024 08:03AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Unable to scan all Urls of site map at once

Hi Hardik Are you trying to scan an API? Burp is not able to scan an API automatically, and you will need to manually crawl followed by "Audit You can find out more here: - https://portswigger.net/support/using-burp-to-enumerate-a-rest-api - https ://portswigger.net/support/using-burp-to-test-a-rest-api

Last updated: Jun 23, 2020 12:24PM UTC | 7 Agent replies | 11 Community replies | Bug Reports

Burp Enterprise: Set Folder Destination in API Request

Hi, I wanna create a scan using the REST API and add it to a certain directory in the Burp Enterprise

Last updated: Mar 28, 2019 12:22PM UTC | 1 Agent replies | 0 Community replies | How do I?

Different scan ID from REST vs GraphQL API

If I initiate a scan using Burp POST REST API, I see even number (scan / task_id) as a part of HTTP response location header but if I initiate a scan using GraphQL API, I see odd number (and wrong scan id) in

Last updated: Jun 25, 2020 06:42AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Extension API on edited HTTP Responses (IHttpListener, IProxyListener)

Hi! I'm experiencing an issue with edited HTTP Responses and Burp Suite extensions. I'm working on an application that signs HTTP requests and responses. I created a Burp Suite extension that resign request and...

Last updated: Feb 17, 2022 06:41PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Burp crawler not finding endpoint on api sites

When crawl scanning APIs with Burp crawler it cannot find any endpoint. for instance If I select the https://api.example.com from the target sitemap and scan crawl it. Then it will find no endpoints.

Last updated: Jun 29, 2022 04:36PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Configure authorization headers to test REST API endpoints

Hello, I have a project where i should automate pentests on REST APIs so using the BURP REST API with

Last updated: Jul 31, 2023 03:10PM UTC | 1 Agent replies | 0 Community replies | How do I?

api to toggle request method and body encoding

Hello Is there some api support to toggle http request? toggle method from GET and POST,is there some one support toggle param to mutipart param in montoya api

Last updated: Apr 10, 2024 10:27AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

API Scan, use cookies from cookie.jar not working

Hi, when I start API Scan and have the session handling rule "Use cookies from Burp's cookie jar"

Last updated: Jun 07, 2024 10:35AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Add scheduled scan through api and auto creating jira tasks

Please, add this features. 1) Add creation of a scheduled scan through api 2) Auto creating jira level of criticality and the choice of the jira project, depending on the url or name scan. also do for api

Last updated: May 16, 2019 07:22AM UTC | 1 Agent replies | 2 Community replies | Feature Requests

Extract a single value from each response

If you have a look at our Extender API documentation https://portswigger.net/burp/extender/api/ The

Last updated: Sep 09, 2019 06:41AM UTC | 2 Agent replies | 2 Community replies | How do I?

How to trigger existing scan

Are you using Burp's REST API with Burp Suite Professional?

Last updated: Nov 24, 2020 01:07PM UTC | 1 Agent replies | 0 Community replies | How do I?

How can test various API methods with Burp Suite Enterprise

We also use OAuth2.0 for API authorization.

Last updated: Jun 24, 2024 12:27PM UTC | 1 Agent replies | 0 Community replies | How do I?

Does API Scan do anything different than just using scanner?

Before there was an API scan, I would do some manual testing on APIs and then run the API through scanner Now I see there is an option for API scan or Web app scan but what is the difference? Does API scan just not crawl as to only scan the specific API? I noticed the API scan makes you use a certain format, does that allow BURP to better locate injection Just trying to see if I should use API Scan or just stay with the Web App scan.

Last updated: Aug 01, 2024 02:55PM UTC | 1 Agent replies | 0 Community replies | How do I?

API function to check if URL is in scope?

Is there an API function that can be called to check if an URL is in scope?

Last updated: Mar 13, 2018 10:25AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

API based Crawling and Scanning getting struck at 98%

Hi, I have initiated the burp suite API in Headless mode "java -Xmx4G -Djava.awt.headless=true -jar

Last updated: Jun 12, 2020 10:02AM UTC | 5 Agent replies | 6 Community replies | How do I?

How do I run scans in headless using application login

You should be able to use the REST API: - https://security.stackexchange.com/questions/178815/using-burp-rest-api-how-do-i-log-into-my-web-application-in-order-to-scan-for-v

Last updated: Feb 14, 2022 11:39AM UTC | 1 Agent replies | 0 Community replies | How do I?

Montoya-API: caretPosition larger than request body on MessageEditorHttpRequestResponse

Hi there, I'm developing a new extension using the Montoya API.

Last updated: Feb 24, 2023 04:34PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

The "Parameters" tab does not appear in "API details"

When I try to run an API scan (New scan > API scan) I encounter the problem that there is no tab "Parameters " in "API details" (New scan > API scan > API details > Parameters).