Burp Suite User Forum

Login to post

burp command line

hong | Last updated: Jan 31, 2017 03:34PM UTC

Hi, I would like to bring up BURP using command line (without any GUI) for automation. Is there a way to bring it up without a project file? If I do not specify the project file on the command line, it will bring up GUI which I do not want to see. java -jar -Djava.awt.headless=true -Xmx1g burpsuite_file.jar --config-file=file1 --config-file=file2 Thanks

PortSwigger Agent | Last updated: Jan 31, 2017 03:35PM UTC

If you launch Burp in headless mode then it won't show a GUI ever. It will load with a default temporary project unless you specify a project file. Try moving -Djava.awt.headless=true to straight after your java command.

Burp User | Last updated: Feb 01, 2017 03:22AM UTC

thanks, will give it a try. So using following command, I will bring up burp with a default temporary project with two config files, correct? java -jar -Xmx1g burpsuite_file.jar -Djava.awt.headless=true --config-file=file1 --config-file=file2

PortSwigger Agent | Last updated: Feb 01, 2017 08:44AM UTC

Give it a try and find out, otherwise try: java -Djava.awt.headless=true -Xmx1g -jar burpsuite_file.jar --config-file=file1 --config-file=file2

Burp User | Last updated: Sep 03, 2017 05:23AM UTC

I have same problem? Do you find a way to run burp without UI?

PortSwigger Agent | Last updated: Sep 04, 2017 09:14AM UTC

Hi Samira, Did you try -Djava.awt.headless=true ? That works fine for us. If it's not working for you, please describe exactly what you're seeing, including the precise command line.

Burp User | Last updated: Apr 28, 2018 05:05AM UTC

Hi, I need help to run burp in command line for automation purpose. Whatever we do with gui can we do with command in cmd. If you have a link please share it. And also let me know is there any way to automate burp with QA. Thanks

PortSwigger Agent | Last updated: Apr 30, 2018 07:16AM UTC

Hi Deepak, Burp only has limited command line support. Many of the actions are GUI only. For automation, there is the Carbonator extension: - https://portswigger.net/bappstore/e3a26fff8e1d401dade52f3a8d42d06b You may also be interested in the Burp REST API: - https://github.com/vmware/burp-rest-api With the current version of Burp, automation is possible, but you will have to do a bit of work to get it working properly. In future versions of Burp this will be better supported.

Burp User | Last updated: Aug 24, 2018 09:37PM UTC

Latest Burp Suite Pro Beta 2.0 has API support build in. However, even with the option turned on in user options, starting headless doesn't start the API. Any clues?

Liam, PortSwigger Agent | Last updated: Aug 29, 2018 08:28AM UTC

Keith, we've tested this and it works on our system. I've sent you a screenshot of the commands we've to keith@realistek.com.

Liam, PortSwigger Agent | Last updated: Aug 29, 2018 01:42PM UTC

Harsh, we're working on providing this functionality for the Enterprise Edition. It should be possible to code this up yourself, though we don't have any documentation. It might be worth looking at the code for Headless Burp: - https://github.com/portswigger/headless-burp

Burp User | Last updated: Oct 18, 2018 02:26PM UTC

Hi, I have tried https://github.com/vmware/burp-rest-api but how can use it in our Java code to automate it with selenium. Is there any document or link from where I can take help to automate https://github.com/vmware/burp-rest-api ? I have tried carbonator also but it is not that much usefull.

Burp User | Last updated: Mar 27, 2019 11:24AM UTC

Is there a way to setup SSL certificates for headless? As I see, this certificate is installation-based. It can be downloaded from UI version. But not for headless. My burp was installed on remote server and which has no UI supported. How to download and import SSL certificate? Thanks.

PortSwigger Agent | Last updated: Mar 27, 2019 11:26AM UTC

Hi, You can download the certificate from a headless Burp. You'll need to configure a browser to proxy through Burp. To do that you'll probably need to configure Burp Proxy to listen on all interfaces. You can do this using a config file like: bc. { "proxy":{ "request_listeners":[ { "certificate_mode":"per_host", "listen_mode":"all_interfaces", "listener_port":8080, "running":true } ] } } Once the browser is proxying through Burp you can go to http://burp/ and download the certificate.

Liam, PortSwigger Agent | Last updated: Mar 27, 2019 11:30AM UTC

It sounds like you need to install the CA in the centOS trust store. Have you tried something like this: - https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html

Burp User | Last updated: May 30, 2019 10:37AM UTC

I using the burp-rest-api (from https://github.com/vmware/burp-rest-api) in centOS server and set http_proxy=127.0.0.1:8080 but the problem is when I sent request it will show the error message. such as when I set proxy and use "git clone https://github.com/vmware/burp-rest-api" it shows: Peer's certificate has an invalid signature. How to install the ca-certificate in centOS server? Any solution?

Burp User | Last updated: Oct 09, 2019 05:59PM UTC

Is there a setting for Proxy Intercept to be off? I have cmd line launching my burp project, I also pass in the project options file, but when the project opens, intercept is always On. I need it set to off so my automation scripts can run w/o manual intervention.

Mike, PortSwigger Agent | Last updated: Oct 10, 2019 09:59AM UTC

Hi Phillip, inside Proxy > Options, under the 'Intercept Client Requests' & 'Intercept Server Responses' sections there is a checkbox to 'Intercept x based on the following rules' if you disable that option in both sections and then save it into your project file when you load that project file into your headless version it should prevent any traffic from being intercepted by your proxy.

You need to Log in to post a reply. Or register here, for free.