Burp Suite User Forum

Burp API does not include the extension report

Khaled | Last updated: Feb 10, 2022 03:08PM UTC

Hello everyone,

I tried the burp-rest-API on testphp.vulnweb.com, but I notice that the API issues report doesn't include the issues of the extension, for example the Vulners.com extension: https://portswigger.net/bappstore/c9fb79369b56407792a7104e3c4352fb

I can't find any security issues from this extension in the Burp API /scan/{ID} endpoint, but it gives me 2 results from it in the Burp UI. Does the Burp API not allow including the results of the extension?

ENV:
OS: Ubuntu (21)
Burp: 2021.8
OpenJDK 14

Best regards

Michelle, PortSwigger Agent | Last updated: Feb 11, 2022 10:20AM UTC

Thanks for your message. Can you report this to the author of the extension via GitHub, please? From our tests this appears to be related to the extension; other extensions such as Active Scan++ are picked up when querying the scan via the REST API.

Khaled | Last updated: Feb 11, 2022 12:36PM UTC

Hi Michelle,

Thanks for your response. Currently, no, I don't have any problem with other extensions like Vulners, but can you give me the right steps to include the Vulners issues in the Burp API (for sending it to the developers of this extension)?

Also, for some issues that come from the Burp scanner without any extensions, the UI gives me 7 issues about Cross-domain Referer leakage but the API gives me only 4; same thing with XSS (UI: 17, API: 8). Can you give me a little description about what's happening here?

Best regards

Khaled | Last updated: Feb 11, 2022 12:36PM UTC

Oops, sorry about that.

Michelle, PortSwigger Agent | Last updated: Feb 14, 2022 11:02AM UTC

Hi,

You can report issues with the extension here: https://github.com/vulnersCom/burp-vulners-scanner/issues

I would explain the details you have provided here and that the issues reported by the extension do not seem to be linked to the main scan task, so are not picked up when you query the scan task via the REST API.

For your second query, can you send some screenshots to support@portswigger.net to help show us the scenario you are describing in a bit more detail? If you view the issue from the Burp Dashboard/UI, how does this compare to what you see when you query the scan task via the REST API?

Khaled | Last updated: Feb 15, 2022 01:08PM UTC

Thanks Michelle, I sent the report to the support email :)
