Burp Suite User Forum

Login to post

Burp Enterprise Graphql Retrieve Evidence Request / Response

Adam | Last updated: Jun 02, 2020 10:14AM UTC

Hi, I'm trying to return the evidence request/response from Burp Enterprise using the query getIssue from following the documentation, however, all I get is an error outlining the fields are undefined. Can I get an example of returning evidence using the query getIssue? Cheers, Adam

Michelle, PortSwigger Agent | Last updated: Jun 02, 2020 02:17PM UTC

Hi Adam Is your query working if you exclude the evidence section? Which parts of the evidence are you most interested in retrieving?

Steve | Last updated: Jan 13, 2021 06:07PM UTC

I am also trying to accomplish this same thing. If I format the query as below, it works, but I can not find any information on the sub-fields of evidence. I can add evidence {__fieldname} and it will "work" but the evidence field is empty in the response. query getIssue($scan_id: ID!, $serialNumber: ID!) { issue(scan_id: $scan_id, serial_number: $serialNumber) { confidence issue_type { type_index name description_html vulnerability_classifications_html references_html } display_confidence serial_number severity origin path novelty } }

Michelle, PortSwigger Agent | Last updated: Jan 14, 2021 09:42AM UTC

Thanks for your message. Does this example help you to find the information you're trying to return? query { issue(scan_id: <specify_scan_if>, serial_number: <specify_serial_number>) { confidence issue_type { type_index name description_html vulnerability_classifications_html references_html } display_confidence serial_number severity origin path novelty evidence { ... on Response { response_index response_count response_segments { ... on DataSegment { data_html } ... on HighlightSegment { highlight_html } ... on SnipSegment { snip_length } } } } } } If this isn't quite what you're trying to do, can tell us a bit more about the information you're trying to return with the query so we can take a closer look. If you want to share any examples of queries you've tried and their responses directly you can always contact us via email using support@portswigger.net.

You need to Log in to post a reply. Or register here, for free.