How can I "Observe that the response contains your role ID."

server response, for me, contains the following JSON: { "username": "wiener", "email": "test@hotmail.com … I can then resend the POST request with the following JSON included in the body: {"email":"test@hotmail.com

Get the Free Community Burp Suite Software to Run

chr892@hotmail.com

my burp suite profsional desnt

omanrich87@hotmail.com

Lab: CSRF where token is duplicated in cookie

web-security-academy.net/my-account/change-email" method="POST"> <input type="hidden" name="email" value="test2@hotmail.com

CI/CD API scan using REST API (native API)

Want to know how can that be achieved using the Burp's native API.

AWS API

Would it be best to create an API for the http requests coming from the web application?

API Scanning

Hi Team, I am unable to find configurations for API scanning I think its not available for trial version

Spider api

burpsuite extension, I want to know if the spider crawl is complete and whether there is a relevant api … Whether burpsuite should add more api

API Testing

Hi, I will need your help.I have a project that has to do with API pentest. How can Burp help me? … I was given a url and token for the API . … How can I connect to the API and test for vulnerability? Urgent please! Thank you

Burp Extender API and Montoya API

What is the different between Burp Extender API and Montoya API? … Can I use Burp Extender API from Montoyal API ?

Burp API

I want to automate BurpSuite scans using burp's REST API (https://portswigger.net/blog/burps-new-rest-api

API scan

How do Perform API's from Burp.

REST API

Hey Burp Team, having some issues with how the Burp Suite Enterprise Edition REST API functions. … However, my team sets up the site in BSEE either through the dashboard or using the GraphQL API endpoint … To have the REST API match the preconfigured site, the list of URLs and the site name must be exactly … Is there a roadmap to have the REST API endpoint optionally use the site ID to request a new scan? … Or move that functionality to the GraphQL API, which already leans into the ID functionality?

API PENTEST

While I am doing the rest api pentest, I manually enter the available variables from excel each time … or do you have easier method for rest api pentest? I think I explained it complicated. … POST /api/{variable1}?

API Scans

I trying to scan API in my environment, and I have a question.

WebSocket API

I'm dealing more and more with websockets: is there _any_ way to modify requests on the fly? I'm not afraid of writing a custom extension or fiddle with scripting my own tools. FWIW, if you provide some guidance, I could...

Burp API Useage

How Do I stop the scanner from running through API calls? … the spider but nothing to indicate if it has finished spidering or if it can be stopped through the api

Websockets API support

I'm running into wss more as we see the shift towards single page, media rich applications. As such, I often find the need to implement custom deserialization of binary websockets messages. It would be helpful if I could...

Rest API Scanning

Is there an anticipated timeline available for api scanning feature to be available in BurpSuite Enterprise

Testing Rest API

How API is verified by Burp as there exist a vulnerability or not?

API extensions

Hi, I wrote an extension some time ago, but abandoned it due to missing API functionality.

graphQL API

I maybe doing things the wrong way but I am trying to get all issues type of all scans with the API

API query

Hi, I have lots of powershell scripts calling the api (Graphql) and don't seem to see a way of linking … https://portswigger.net/burp/extensibility/enterprise/graphql-api/SiteTree.html Any help would be

REST API Functionality

Hi , I have been using the Burp Suite Enterprise Edition REST API. … Is there any API or possible way of accruing the SCAN ID by passing the projectname or sitename that … If not, can you help me figure how to get the SCAN ID from Jenkins and use it in the POST api for getting

Montoya API enums

Hi, I was wondering if you could change the Montoya API enum classes. … Therefore, the entire API relies on something that is final and can't be extended.

Authenticated API Scan

How can I perform an authenticated API scan using the new API scanning functionality?

REST API Scanning

There seems to be no way to change these values to be more relevant to the API being tested, and adding … configure the scanner to remove parameters from the scan; *** Above all else, this is the issue that makes API … scanning next to useless as it currently stands*** 2) Some API requests are automatically deselected

Scope manipulation API

Is there a way to use these or any other API call to perform actions like those available on the GUI,

Using GraphQL API

I'm getting "unauthorized" message when using GraphQL API with Postman. … I'm using a valid API Key, but apparently, I'm not configuring it properly. … Could please let me know how to use API key on authorization header using Postman (or curl or httpie)

API Integration Options

Hi, I am currently evaluating the BS Enterprise Edition and have some questions about the various API … After looking at the GraphQL API, it seems very well documented and supported, however, I don't see the … Or is that something I can only do through the REST API and/or CI driver? … (b) Does the CI driver provide the same query operations that the GraphQL API offers, or does it only … support the same 3 operations that the REST API supports?

call graphql api

Hi dear, I wanted to call graphql api, but I have a problem in my code, I use .net 6.0. … When I called the api from PostMan everything's are OK, but when I call it from my code the response

modifications visible in the proxy

Please see the API documentation: https://portswigger.net/burp/extender/api/burp/IInterceptedProxyMessage.html

content discovery API access?

agent's response: "There isn’t currently any way to use Burp’s own Content Discovery feature via the API

Provision for API testing

Is there any provision for API Testing in Burp ?

Audit a REST API

There's a way to audit a rest API with Burp enterprise using the swagger file like with OpenAPI Parser

Extending REST API functionality

would are now developing some web interface in which we can feed urls and send them to to Burp REST API … We think that the API should and needs to be extended for better functionality like adding the following

BurpSuite Pro REST API

is it possible to use the GET /SCAN/[task_id] to obtain information on a running "live audit". id like to know details like how many requests it is making currently, how many queued, how many issues found etc. i can see...

Finding Sensitive API Keys

While reviewing a site, I noticed that some API keys, including NREUM and Bootstrap are exposed. … How do I know if this exposed information is critical enough to report (Any suggestions on general API

Extender API broken link

Download the Burp Extender interface files" but that points to https://portswigger.net/burp/extender/api

Burp Enterprise API scan

Hi, I just wanted to know whether Burp enterprise has API scanning facility ?

Extension API for WebSocket

Are these kind of API currently in your Roadmap? Thank you! Federico

Burp Suite Pro - API

Hi, Is it possible to make use of API to perform some tasks with the Burp Suite Pro?

problem with API scanning

Burp Suite Professional still can't crawl the API endpoint on my target site.

API scanning using dastardly

I am unable to scan api endpoint using api defination. … :13.0237514Z 2023-08-20 12:50:13 INFO dastardly.EventLogPrinter - Aug 20 2023 12:50:10 DEBUG Found API

Extender API Parameters

https://portswigger.net/burp/extender/api/allclasses-noframe.html

Call GraphQL API

I'm having trouble calling GraphQL API on our Enterprise BurpSuite server. … For example, our burpsuite enterprise URL is http://<BURPURL> I tried calling ScanReport GraphQL API … via Postman as follows: Endpoint: http://<BURPURL> Headers: "Authorization:<API KEY MY ADMIN SENT

Montoya API NoSuchMethodError

MenuItem.basicMenuItem("# of added columns"); I'm using last version of Burp Professional and last version of Montoya API

Can We Implement a "Create New Group" API to the Montoya API?

I'm currently working on a Burp extension that uses the Montoya API. … requests to the Burp Repeater, and it would be great if I could create a new tab group using the Montoya API … Do you have any plans to extend the Montoya API in the near future?

Crawler API for Burp

I am looking at https://portswigger.net/burp/extender/api/, but only find doActiveScan and doPassiveScan … Does Burp Extender API have a way to configure crawler and start it?

Burp API Hostname Resolution

James Kettle mentioned that the extension uses the burp API and does not explicitly do a hostname check