Burp Suite User Forum
Found 50 posts in 50 threads
server response, for me, contains the following JSON:
{
"username": "wiener",
"email": "test@hotmail.com … I can then resend the POST request with the following JSON included in the body:
{"email":"test@hotmail.com
chr892@hotmail.com
omanrich87@hotmail.com
web-security-academy.net/my-account/change-email" method="POST">
<input type="hidden" name="email" value="test2@hotmail.com
Want to know how can that be achieved using the Burp's native API.
Would it be best to create an API for the http requests coming from the web application?
Hi Team,
I am unable to find configurations for API scanning. I think it's not available for trial version
burpsuite extension, I want to know if the spider crawl is complete and whether there is a relevant api … Whether burpsuite should add more api
Hi,
I will need your help. I have a project that has to do with API pentest. How can Burp help me? … I was given a url and token for the API. … How can I connect to the API and test for vulnerability?
Urgent please!
Thank you
What is the difference between Burp Extender API and Montoya API? … Can I use Burp Extender API from Montoya API?
I want to automate BurpSuite scans using burp's REST API (https://portswigger.net/blog/burps-new-rest-api
How do Perform API's from Burp.
Hey Burp Team, having some issues with how the Burp Suite Enterprise Edition REST API functions. … However, my team sets up the site in BSEE either through the dashboard or using the GraphQL API endpoint … To have the REST API match the preconfigured site, the list of URLs and the site name must be exactly … Is there a roadmap to have the REST API endpoint optionally use the site ID to request a new scan? … Or move that functionality to the GraphQL API, which already leans into the ID functionality?
While I am doing the rest api pentest, I manually enter the available variables from excel each time … or do you have easier method for rest api pentest?
I think I explained it complicated. … POST /api/{variable1}?
I am trying to scan API in my environment, and I have a question.
I'm dealing more and more with websockets: is there _any_ way to modify requests on the fly?
I'm not afraid of writing a custom extension or fiddle with scripting my own tools. FWIW, if you provide some guidance, I could...
How Do I stop the scanner from running through API calls? … the spider but nothing to indicate if it has finished spidering or if it can be stopped through the api
I'm running into wss more as we see the shift towards single page, media rich applications. As such, I often find the need to implement custom deserialization of binary websockets messages. It would be helpful if I could...
Is there an anticipated timeline available for api scanning feature to be available in BurpSuite Enterprise
How API is verified by Burp as there exist a vulnerability or not?
Hi,
I wrote an extension some time ago, but abandoned it due to missing API functionality.
I may be doing things the wrong way but I am trying to get all issues type of all scans with the API
Hi,
I have lots of powershell scripts calling the api (Graphql) and don't seem to see a way of linking … https://portswigger.net/burp/extensibility/enterprise/graphql-api/SiteTree.html
Any help would be
Hi , I have been using the Burp Suite Enterprise Edition REST API. … Is there any API or possible way of accruing the SCAN ID by passing the projectname or sitename that … If not, can you help me figure how to get the SCAN ID from Jenkins and use it in the POST api for getting
Hi,
I was wondering if you could change the Montoya API enum classes. … Therefore, the entire API relies on something that is final and can't be extended.
How can I perform an authenticated API scan using the new API scanning functionality?
There seems to be no way to change these values to be more relevant to the API being tested, and adding … configure the scanner to remove parameters from the scan; *** Above all else, this is the issue that makes API … scanning next to useless as it currently stands***
2) Some API requests are automatically deselected
Is there a way to use these or any other API call to perform actions like those available on the GUI,
I'm getting "unauthorized" message when using GraphQL API with Postman. … I'm using a valid API Key, but apparently, I'm not configuring it properly. … Could please let me know how to use API key on authorization header using Postman (or curl or httpie)
Hi, I am currently evaluating the BS Enterprise Edition and have some questions about the various API … After looking at the GraphQL API, it seems very well documented and supported, however, I don't see the … Or is that something I can only do through the REST API and/or CI driver? … (b) Does the CI driver provide the same query operations that the GraphQL API offers, or does it only … support the same 3 operations that the REST API supports?
Hi dear,
I wanted to call graphql api, but I have a problem in my code, I use .net 6.0. … When I called the api from PostMan everything is OK, but when I call it from my code the response
Please see the API documentation:
https://portswigger.net/burp/extender/api/burp/IInterceptedProxyMessage.html
agent's response:
"There isn't currently any way to use Burp's own Content Discovery feature via the API
Is there any provision for API Testing in Burp ?
There's a way to audit a rest API with Burp enterprise using the swagger file like with OpenAPI Parser
would are now developing some web interface in which we can feed urls and send them to Burp REST API … We think that the API should and needs to be extended for better functionality like adding the following
is it possible to use the GET /SCAN/[task_id] to obtain information on a running "live audit".
I'd like to know details like how many requests it is making currently, how many queued, how many issues found etc.
i can see...
While reviewing a site, I noticed that some API keys, including NREUM and Bootstrap are exposed. … How do I know if this exposed information is critical enough to report (Any suggestions on general API
Download the Burp Extender interface files" but that points to https://portswigger.net/burp/extender/api
Hi,
I just wanted to know whether Burp enterprise has API scanning facility ?
Are these kind of API currently in your Roadmap? Thank you!
Federico
Hi,
Is it possible to make use of API to perform some tasks with the Burp Suite Pro?
Burp Suite Professional still can't crawl the API endpoint on my target site.
I am unable to scan api endpoint using api definition. … :13.0237514Z 2023-08-20 12:50:13 INFO dastardly.EventLogPrinter - Aug 20 2023 12:50:10 DEBUG Found API
https://portswigger.net/burp/extender/api/allclasses-noframe.html
I'm having trouble calling GraphQL API on our Enterprise BurpSuite server. … For example, our burpsuite enterprise URL is http://<BURPURL>
I tried calling ScanReport GraphQL API … via Postman as follows:
Endpoint: http://<BURPURL>
Headers: "Authorization:<API KEY MY ADMIN SENT
MenuItem.basicMenuItem("# of added columns");
I'm using last version of Burp Professional and last version of Montoya API
I'm currently working on a Burp extension that uses the Montoya API. … requests to the Burp Repeater, and it would be great if I could create a new tab group using the Montoya API … Do you have any plans to extend the Montoya API in the near future?
I am looking at https://portswigger.net/burp/extender/api/, but only find doActiveScan and doPassiveScan … Does Burp Extender API have a way to configure crawler and start it?
James Kettle mentioned that the extension uses the burp API and does not explicitly do a hostname check