Burp Suite User Forum

Burp Configuration

Sangam | Last updated: Jul 29, 2020 07:19AM UTC

Hi, I am automating the security crawling and auditing. I want my configuration to run when I start the crawling and auditing. It has (I have already created it by visiting the new configuration library tab provided by Burp Pro) all the scan types: passive, light active, medium active, intrusive active and JavaScript analysis. Basically, I want Burp Suite to start with my configuration library.

Steps I followed:

1) java -jar burpsuite_pro_v2020.7.jar --config-file="Automation Auditing.json" --config-file="Automation Crawling.json"

2) Then I am running python3 burp_scanwalker.py -uf urls.txt (which I used from: https://github.com/laconicwolf/Burp-API-Scripts).

Is this taking my configuration library, i.e. "Automation Auditing.json" and "Automation Crawling.json"? If not, how do I leverage my configuration library so that it is used by default for scanning when I trigger burp_scanwalker.py? Can you please provide the steps I should follow? Help needed! Thanks

Uthman, PortSwigger Agent | Last updated: Jul 29, 2020 10:35AM UTC

Hi,

The --config-file parameter is only for the Burp configuration file found in your home directory > .BurpSuite > UserConfigPro/Community.json

If you are trying to launch a scan using some default scan configurations, I would suggest taking a look at the CI driver (https://portswigger.net/burp/extender/ci-integration).

I just looked at burp_scanwalker and it looks like you need to pass your API key to your second command too. However, I think the CI driver can achieve what you are trying to do. An example of how to run that is:

echo BURP_SCAN_URL=https://www.example.com/ | java -jar burp-ci-driver-1.0.7beta.jar http://127.0.0.1:1337/<API-KEY> --named-scan-configuration="Audit checks - light active" --named-scan-configuration="Audit checks - passive" --self-signed-cert=Cert.pem

You can also take a look at the REST API: http://127.0.0.1:1337/<API-KEY>/v0.1
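The REST API route mentioned in the reply above, as an added example that is not part of the original thread and is not PortSwigger's or burp_scanwalker's code: it reads a urls.txt-style list and starts one scan per target using named configurations. It assumes the v0.1 `/scan` endpoint accepts `NamedConfiguration` entries, and that the configuration library entries are named "Automation Crawling" and "Automation Auditing" (inferred from the file names in the question); the function names are hypothetical.

```python
import json
import urllib.request

# Placeholder key, exactly as written in the reply above; substitute your own.
API_BASE = "http://127.0.0.1:1337/<API-KEY>/v0.1"
# Assumed configuration library names, inferred from the question's file names.
CONFIG_NAMES = ["Automation Crawling", "Automation Auditing"]


def read_targets(text):
    """Return unique http(s) URLs from urls.txt content, skipping blanks and # comments."""
    seen, targets = set(), []
    for line in text.splitlines():
        url = line.strip()
        if not url or url.startswith("#"):
            continue
        if not url.startswith(("http://", "https://")):
            raise ValueError(f"not an http(s) URL: {url!r}")
        if url not in seen:
            seen.add(url)
            targets.append(url)
    return targets


def build_scan_request(url, config_names):
    """Build the JSON body for POST /scan using named (library) configurations."""
    if not config_names:
        raise ValueError("at least one named scan configuration is required")
    return {
        "urls": [url],
        "scan_configurations": [
            {"type": "NamedConfiguration", "name": name} for name in config_names
        ],
    }


def start_scan(api_base, body):
    """POST the body to the scan endpoint; returns (HTTP status, Location header)."""
    req = urllib.request.Request(
        api_base + "/scan",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return resp.status, resp.headers.get("Location")


if __name__ == "__main__":
    with open("urls.txt", encoding="utf-8") as fh:
        for target in read_targets(fh.read()):
            print(target, start_scan(API_BASE, build_scan_request(target, CONFIG_NAMES)))
```

A misspelled configuration name is rejected by the API rather than silently ignored, so a failed request here is the quickest check that the library names are the ones Burp actually knows.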
