Burp Suite User Forum

Burp 2.0 Rest API documentation

Jayant | Last updated: Oct 15, 2018 09:06PM UTC

Where can I get detailed documentation of the Burp 2.0 REST API (https://portswigger.net/blog/burps-new-rest-api), particularly its usage? I tried using it by first invoking the SCAN method - I supplied the target url, application_logins, etc. It appears to have succeeded as it returned a "201 Created" response. However, I don't know how to retrieve the scan results and/or know if the scan completed. The above API call does not seem to return any task-id that I can see. That is assuming one supplies the task-id to get the status or results of the scan using the GET '/scan/[task_id: string]' API. How does one specify an API key and where to obtain one? Assuming it is not desirable to not enable "Allow access without an API key" setting. In what format would the scan results be available (when retrieved programmatically)? Thanks, Jayant

PortSwigger Agent | Last updated: Oct 16, 2018 09:15AM UTC

If you browse to the API endpoint you can access an interactive request builder. There's a link to download an OpenAPI schema definition for the API. When you create a scan, the 201 Created response includes the task ID in the Location header, which you can use to poll for the status. You can generate API keys in the Burp UI. You need to put them in the URL like http://127.0.0.1:1337/<api-key>

Burp User | Last updated: Jun 27, 2019 04:26AM UTC

Ironically, the OpenAPI Parser extension in the BApp store won't parse the schema definition you offer for your own API. Whenever I run an OpenAPI validator against it, it returns an error about a circular reference. Thoughts?

PortSwigger Agent | Last updated: Jun 27, 2019 09:59AM UTC

It's the OpenAPI Parser that is too strict. We've mentioned this to the extension author.

Burp User | Last updated: Jun 27, 2019 05:49PM UTC

How do I obtain the taskid in Burp Suite Professional?

Rose, PortSwigger Agent | Last updated: Jul 01, 2019 02:45PM UTC

You should be able to find the taskid in the "location" header.
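
Added example, not part of the original thread and not PortSwigger's code: a Python client for the flow the agent replies describe, reading the task ID from the Location header of the 201 Created response and then polling GET /scan/[task_id]. The `/v0.1` path prefix, the `urls` and `scan_status` field names and values, the placeholder API key and the `StubBurp` server standing in for Burp are assumptions not shown in the thread.

```python
import json, threading, time, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no env proxy

def task_id_from_location(location):
    return location.rstrip("/").rsplit("/", 1)[-1]  # bare id or URL ending in it

def start_scan(base, target_url):
    req = urllib.request.Request(f"{base}/scan", method="POST",
        data=json.dumps({"urls": [target_url]}).encode(),  # assumed field name
        headers={"Content-Type": "application/json"})
    with OPENER.open(req, timeout=10) as resp:
        location = resp.headers.get("Location")
        if resp.status != 201 or not location:
            raise RuntimeError(f"scan not created (HTTP {resp.status})")
        return task_id_from_location(location)

def wait_for_scan(base, task_id, interval=0.1, attempts=100):
    for _ in range(attempts):
        with OPENER.open(f"{base}/scan/{task_id}", timeout=10) as resp:
            result = json.load(resp)
        if result.get("scan_status") in ("succeeded", "failed"):  # assumed values
            return result
        time.sleep(interval)
    raise TimeoutError(f"scan {task_id} still running after {attempts} polls")

class StubBurp(BaseHTTPRequestHandler):  # constructed stand-in for Burp
    polls = 0
    log_message = lambda self, *a: None  # request lines would log the API key
    def reply(self, code, payload=b"", location=None):
        self.send_response(code)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self.reply(201, location="7")
    def do_GET(self):
        StubBurp.polls += 1
        status = "succeeded" if StubBurp.polls >= 2 else "running"
        self.reply(200, json.dumps({"scan_status": status}).encode())

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubBurp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}/PLACEHOLDER-API-KEY/v0.1"
    task_id = start_scan(base, "https://example.test/")
    return task_id, wait_for_scan(base, task_id)
```

Because the API key travels in the URL path, the client bypasses any environment-configured proxy and the stub suppresses request logging; the same care applies to shell history and access logs when calling a real instance.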
