The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


API documentation for evidence types

DBail | Last updated: Dec 14, 2020 01:57PM UTC

Hi, I'm trying to write a script that can parse the JSON output of a scan from the REST API (Professional version), including the request_response in the evidence. However, it seems that different evidence types have different layouts, and it affects where the request_response is found. I've been unable to track down any documentation for this, and I was hoping someone could point me in the right direction. Many Thanks

Uthman, PortSwigger Agent | Last updated: Dec 14, 2020 03:04PM UTC

Hi, Can you please provide a working example of what you are referring to? By "different layouts", do you mean the number of request/response pairs generated for a single issue? What are you trying to do?

DBail | Last updated: Dec 14, 2020 04:06PM UTC

Hi, I need to be able to extract the "request_response" field from a given evidence type. For example, there are some where the "request_response" field is at the same level as the type, e.g.

    {
      "type": "FirstOrderEvidence",
      "detail": { "band_flags": [ "in_band" ] },
      "request_response": {
        "url": "...",
        "request": [ ... ],
        "response": [ ... ],
        "was_redirect_followed": false,
        "request_time": "1607694315937"
      }
    }

But there are others where it is buried in other fields, such as

    {
      "type": "StaticJavascriptAnalysisEvidence",
      "detail": { "band_flags": [ "in_band" ] },
      "composable_evidence": {
        "type": "FirstOrderEvidence",
        "detail": { "band_flags": [ "in_band" ] },
        "request_response": {
          "url": "...",
          "request": [ ... ],
          "response": [ ... ],
          "was_redirect_followed": false,
          "request_time": "1607694433167"
        }
      },
      "javascript_request_responses": [],
      "code_snippets": [
        {
          "code": "var lang = document.location.href.substring(document.location.href.indexOf(\"default=\")+8);",
          "offset": 69
        },
        {
          "code": "document.write(\"<option value='\" + lang + \"'>\" + decodeURI(lang) + \"</option>\");",
          "offset": 167
        }
      ],
      "source_caption": "document.location.href",
      "sink_caption": "document.write()"
    }

and

    {
      "type": "DiffableEvidence",
      "first_evidence": {
        "type": "FirstOrderEvidence",
        "detail": {
          "payload": { "bytes": "Li9lZWkvLi4vYnJ1dGU=", "flags": 0 },
          "band_flags": [ "in_band" ]
        },
        "request_response": {
          "url": "...",
          "request": [ ... ],
          "response": [ ... ],
          "was_redirect_followed": false,
          "request_time": "1607694344663"
        }
      },
      "second_evidence": {
        "type": "FirstOrderEvidence",
        "detail": {
          "payload": { "bytes": "Li4uL2JydXRl", "flags": 0 },
          "band_flags": [ "in_band" ]
        },
        "request_response": {
          "url": "...",
          "request": [ ... ],
          "response": [ ... ],
          "was_redirect_followed": false,
          "request_time": "1607694344663"
        }
      }
    }

I was just wondering if there was anywhere I could see all the possible evidence types and their schema.

Uthman, PortSwigger Agent | Last updated: Dec 15, 2020 10:28AM UTC

Thanks a lot for clarifying. You can view the swagger documentation for the API if you navigate to it via http://127.0.0.1:1337/v0.1/openapi.json.

DBail | Last updated: Dec 15, 2020 02:24PM UTC

That's great, cheers. I've noticed that there are various "nested" evidence types that contain other evidences, such as TimingBasedEvidence and DiffableEvidence. I was wondering if, for example, evidence_a was one of these nested types, and it contained evidence_b, could evidence_b also be a nested type and contain evidence_c, and so on?
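
An added example, not part of the original thread and not PortSwigger code: a Python walker that finds every "request_response" object in scan evidence at any nesting depth, so the script does not depend on knowing each evidence type's layout. The sample input is constructed from the three layouts quoted earlier in the thread (the URLs and the StaticJavascriptAnalysisEvidence-inside-DiffableEvidence nesting are made up to exercise the recursion), and `iter_request_responses` and `summarize` are hypothetical names.

```python
import json
from typing import Any, Iterator, List, Tuple


def iter_request_responses(node: Any, path: str = "evidence") -> Iterator[Tuple[str, dict]]:
    """Yield (path, request_response) for every request_response object found
    at any depth, without assuming which evidence types wrap which."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "request_response" and isinstance(value, dict):
                yield child, value          # found one; no need to look inside it
            else:
                yield from iter_request_responses(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_request_responses(item, f"{path}[{i}]")


# Constructed sample: trimmed copies of the layouts from the thread, plus one
# made-up deeper nesting (index 2, second_evidence) to exercise the recursion.
SAMPLE = json.loads("""
[
  {"type": "FirstOrderEvidence",
   "request_response": {"url": "https://example.test/1", "request": [], "response": []}},
  {"type": "StaticJavascriptAnalysisEvidence",
   "composable_evidence": {"type": "FirstOrderEvidence",
     "request_response": {"url": "https://example.test/2", "request": [], "response": []}},
   "javascript_request_responses": []},
  {"type": "DiffableEvidence",
   "first_evidence": {"type": "FirstOrderEvidence",
     "request_response": {"url": "https://example.test/3a", "request": [], "response": []}},
   "second_evidence": {"type": "StaticJavascriptAnalysisEvidence",
     "composable_evidence": {"type": "FirstOrderEvidence",
       "request_response": {"url": "https://example.test/3b", "request": [], "response": []}}}}
]
""")


def summarize(evidence: Any) -> List[Tuple[str, Any]]:
    """Return (path, url) pairs in document order for quick inspection."""
    return [(path, rr.get("url")) for path, rr in iter_request_responses(evidence)]


if __name__ == "__main__":
    for path, url in summarize(SAMPLE):
        print(path, url)
```

The returned path shows which wrapper field each request/response came from, which helps when pairing the two sides of a DiffableEvidence.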

Uthman, PortSwigger Agent | Last updated: Dec 15, 2020 03:05PM UTC