The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Found 50 posts in 50 threads

How can I "Observe that the response contains your role ID."

server response, for me, contains the following JSON: { "username": "wiener", "email": "test@hotmail.com I can then resend the POST request with the following JSON included in the body: {"email":"test@hotmail.com

Last updated: Feb 02, 2020 06:44AM UTC | 3 Agent replies | 4 Community replies | How do I?

Get the Free Community Burp Suite Software to Run

chr892@hotmail.com

Last updated: Dec 07, 2020 08:47AM UTC | 1 Agent replies | 0 Community replies | How do I?

my burp suite profsional desnt

omanrich87@hotmail.com

Last updated: Oct 19, 2020 07:31AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: CSRF where token is duplicated in cookie

web-security-academy.net/my-account/change-email" method="POST"> <input type="hidden" name="email" value="test2@hotmail.com

Last updated: May 27, 2024 08:52AM UTC | 1 Agent replies | 1 Community replies | How do I?

CI/CD API scan using REST API (native API)

Want to know how can that be achieved using the Burp's native API.

Last updated: Apr 18, 2023 06:48AM UTC | 1 Agent replies | 0 Community replies | How do I?

AWS API

Would it be best to create an API for the http requests coming from the web application?

Last updated: Aug 09, 2022 08:30AM UTC | 2 Agent replies | 1 Community replies | How do I?

API Scanning

Hi Team, I am unable to find configurations for API scanning I think its not available for trial version

Last updated: Dec 07, 2020 02:17PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Spider api

burpsuite extension, I want to know if the spider crawl is complete and whether there is a relevant api Whether burpsuite should add more api

Last updated: Dec 29, 2020 02:28PM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

API Testing

Hi, I will need your help.I have a project that has to do with API pentest. How can Burp help me? I was given a url and token for the API . How can I connect to the API and test for vulnerability? Urgent please! Thank you

Last updated: Mar 22, 2021 04:46AM UTC | 1 Agent replies | 1 Community replies | How do I?

Burp Extender API and Montoya API

What is the different between Burp Extender API and Montoya API? Can I use Burp Extender API from Montoyal API ?

Last updated: Aug 28, 2023 09:08AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp API

I want to automate BurpSuite scans using burp's REST API (https://portswigger.net/blog/burps-new-rest-api

Last updated: Nov 12, 2019 08:27AM UTC | 1 Agent replies | 1 Community replies | How do I?

API scan

How do Perform API's from Burp.

Last updated: Jan 21, 2021 08:13AM UTC | 3 Agent replies | 2 Community replies | How do I?

REST API

Hey Burp Team, having some issues with how the Burp Suite Enterprise Edition REST API functions. However, my team sets up the site in BSEE either through the dashboard or using the GraphQL API endpoint To have the REST API match the preconfigured site, the list of URLs and the site name must be exactly Is there a roadmap to have the REST API endpoint optionally use the site ID to request a new scan? Or move that functionality to the GraphQL API, which already leans into the ID functionality?

Last updated: Apr 23, 2021 10:20AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

API PENTEST

While I am doing the rest api pentest, I manually enter the available variables from excel each time or do you have easier method for rest api pentest? I think I explained it complicated. POST /api/{variable1}?

Last updated: Dec 20, 2022 02:03PM UTC | 1 Agent replies | 0 Community replies | How do I?

API Scans

I trying to scan API in my environment, and I have a question.

Last updated: Sep 25, 2024 01:06PM UTC | 1 Agent replies | 0 Community replies | How do I?

WebSocket API

I'm dealing more and more with websockets: is there _any_ way to modify requests on the fly? I'm not afraid of writing a custom extension or fiddle with scripting my own tools. FWIW, if you provide some guidance, I could...

Last updated: Jul 06, 2023 08:29AM UTC | 9 Agent replies | 11 Community replies | Burp Extensions

Burp API Useage

How Do I stop the scanner from running through API calls? the spider but nothing to indicate if it has finished spidering or if it can be stopped through the api

Last updated: Sep 05, 2016 08:55AM UTC | 2 Agent replies | 2 Community replies | How do I?

Websockets API support

I'm running into wss more as we see the shift towards single page, media rich applications. As such, I often find the need to implement custom deserialization of binary websockets messages. It would be helpful if I could...

Last updated: Dec 14, 2020 09:32AM UTC | 5 Agent replies | 17 Community replies | Feature Requests

Rest API Scanning

Is there an anticipated timeline available for api scanning feature to be available in BurpSuite Enterprise

Last updated: Nov 20, 2020 08:37AM UTC | 4 Agent replies | 2 Community replies | Feature Requests

Testing Rest API

How API is verified by Burp as there exist a vulnerability or not?

Last updated: Mar 07, 2023 11:09AM UTC | 1 Agent replies | 0 Community replies | How do I?

API extensions

Hi, I wrote an extension some time ago, but abandoned it due to missing API functionality.

Last updated: Oct 06, 2017 01:52PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

graphQL API

I maybe doing things the wrong way but I am trying to get all issues type of all scans with the API

Last updated: Jul 23, 2020 02:59PM UTC | 3 Agent replies | 1 Community replies | How do I?

API query

Hi, I have lots of powershell scripts calling the api (Graphql) and don't seem to see a way of linking https://portswigger.net/burp/extensibility/enterprise/graphql-api/SiteTree.html Any help would be

Last updated: Feb 11, 2021 09:03AM UTC | 1 Agent replies | 0 Community replies | How do I?

REST API Functionality

Hi , I have been using the Burp Suite Enterprise Edition REST API. Is there any API or possible way of accruing the SCAN ID by passing the projectname or sitename that If not, can you help me figure how to get the SCAN ID from Jenkins and use it in the POST api for getting

Last updated: Apr 19, 2021 10:22AM UTC | 3 Agent replies | 3 Community replies | How do I?

Montoya API enums

Hi, I was wondering if you could change the Montoya API enum classes. Therefore, the entire API relies on something that is final and can't be extended.

Last updated: Aug 24, 2023 01:04PM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Authenticated API Scan

How can I perform an authenticated API scan using the new API scanning functionality?

Last updated: Apr 12, 2024 09:05AM UTC | 1 Agent replies | 0 Community replies | How do I?

REST API Scanning

There seems to be no way to change these values to be more relevant to the API being tested, and adding configure the scanner to remove parameters from the scan; *** Above all else, this is the issue that makes API scanning next to useless as it currently stands*** 2) Some API requests are automatically deselected

Last updated: Aug 01, 2024 02:47PM UTC | 1 Agent replies | 0 Community replies | How do I?

Scope manipulation API

Is there a way to use these or any other API call to perform actions like those available on the GUI,

Last updated: Jan 22, 2019 10:37AM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Using GraphQL API

I'm getting "unauthorized" message when using GraphQL API with Postman. I'm using a valid API Key, but apparently, I'm not configuring it properly. Could please let me know how to use API key on authorization header using Postman (or curl or httpie)

Last updated: May 27, 2020 07:15AM UTC | 2 Agent replies | 1 Community replies | How do I?

API Integration Options

Hi, I am currently evaluating the BS Enterprise Edition and have some questions about the various API After looking at the GraphQL API, it seems very well documented and supported, however, I don't see the Or is that something I can only do through the REST API and/or CI driver? (b) Does the CI driver provide the same query operations that the GraphQL API offers, or does it only support the same 3 operations that the REST API supports?

Last updated: Oct 15, 2021 10:32AM UTC | 2 Agent replies | 1 Community replies | How do I?

call graphql api

Hi dear, I wanted to call graphql api, but I have a problem in my code, I use .net 6.0. When I called the api from PostMan everything's are OK, but when I call it from my code the response

Last updated: Jan 18, 2022 09:45AM UTC | 2 Agent replies | 1 Community replies | How do I?

modifications visible in the proxy

Please see the API documentation: https://portswigger.net/burp/extender/api/burp/IInterceptedProxyMessage.html

Last updated: Jan 24, 2017 03:30PM UTC | 3 Agent replies | 2 Community replies | How do I?

content discovery API access?

agent's response: "There isn’t currently any way to use Burp’s own Content Discovery feature via the API

Last updated: Jan 28, 2020 08:49AM UTC | 3 Agent replies | 2 Community replies | Feature Requests

Provision for API testing

Is there any provision for API Testing in Burp ?

Last updated: Nov 03, 2017 09:08AM UTC | 2 Agent replies | 2 Community replies | How do I?

Audit a REST API

There's a way to audit a rest API with Burp enterprise using the swagger file like with OpenAPI Parser

Last updated: Feb 19, 2020 01:45PM UTC | 1 Agent replies | 0 Community replies | How do I?

Extending REST API functionality

would are now developing some web interface in which we can feed urls and send them to to Burp REST API We think that the API should and needs to be extended for better functionality like adding the following

Last updated: Jun 17, 2020 08:07AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

BurpSuite Pro REST API

is it possible to use the GET /SCAN/[task_id] to obtain information on a running "live audit". id like to know details like how many requests it is making currently, how many queued, how many issues found etc. i can see...

Last updated: Jul 01, 2021 11:20AM UTC | 3 Agent replies | 2 Community replies | How do I?

Finding Sensitive API Keys

While reviewing a site, I noticed that some API keys, including NREUM and Bootstrap are exposed. How do I know if this exposed information is critical enough to report (Any suggestions on general API

Last updated: Nov 01, 2022 08:35AM UTC | 1 Agent replies | 0 Community replies | How do I?

Extender API broken link

Download the Burp Extender interface files" but that points to https://portswigger.net/burp/extender/api

Last updated: Oct 20, 2015 08:50AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Burp Enterprise API scan

Hi, I just wanted to know whether Burp enterprise has API scanning facility ?

Last updated: Nov 28, 2023 02:28PM UTC | 2 Agent replies | 2 Community replies | How do I?

Extension API for WebSocket

Are these kind of API currently in your Roadmap? Thank you! Federico

Last updated: Jan 04, 2023 02:34PM UTC | 4 Agent replies | 3 Community replies | Feature Requests

Burp Suite Pro - API

Hi, Is it possible to make use of API to perform some tasks with the Burp Suite Pro?

Last updated: Dec 19, 2022 08:59AM UTC | 3 Agent replies | 4 Community replies | How do I?

problem with API scanning

Burp Suite Professional still can't crawl the API endpoint on my target site.

Last updated: Mar 15, 2023 10:28AM UTC | 1 Agent replies | 0 Community replies | How do I?

API scanning using dastardly

I am unable to scan api endpoint using api defination. :13.0237514Z 2023-08-20 12:50:13 INFO dastardly.EventLogPrinter - Aug 20 2023 12:50:10 DEBUG Found API

Last updated: Aug 21, 2023 08:09AM UTC | 1 Agent replies | 0 Community replies | How do I?

Extender API Parameters

https://portswigger.net/burp/extender/api/allclasses-noframe.html

Last updated: Jan 03, 2017 10:19AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Call GraphQL API

I'm having trouble calling GraphQL API on our Enterprise BurpSuite server. For example, our burpsuite enterprise URL is http://<BURPURL> I tried calling ScanReport GraphQL API via Postman as follows: Endpoint: http://<BURPURL> Headers: "Authorization:<API KEY MY ADMIN SENT

Last updated: Jun 18, 2020 07:54PM UTC | 1 Agent replies | 3 Community replies | How do I?

Montoya API NoSuchMethodError

MenuItem.basicMenuItem("# of added columns"); I'm using last version of Burp Professional and last version of Montoya API

Last updated: Jun 08, 2023 03:26PM UTC | 5 Agent replies | 5 Community replies | Bug Reports

Can We Implement a "Create New Group" API to the Montoya API?

I'm currently working on a Burp extension that uses the Montoya API. requests to the Burp Repeater, and it would be great if I could create a new tab group using the Montoya API Do you have any plans to extend the Montoya API in the near future?

Last updated: Sep 23, 2024 12:22PM UTC | 3 Agent replies | 2 Community replies | Burp Extensions

Crawler API for Burp

I am looking at https://portswigger.net/burp/extender/api/, but only find doActiveScan and doPassiveScan Does Burp Extender API have a way to configure crawler and start it?

Last updated: Aug 30, 2023 01:28PM UTC | 4 Agent replies | 3 Community replies | How do I?

Burp API Hostname Resolution

James Kettle mentioned that the extension uses the burp API and does not explicitly do a hostname check

Last updated: Nov 17, 2022 02:30PM UTC | 2 Agent replies | 2 Community replies | Burp Extensions