Burp Suite User Forum

Login to post

Burp REST API - capturing traffic

Andrej | Last updated: Sep 26, 2018 11:04AM UTC

Hi, in my experience, launching an active scan on valid dataset from Proxy is the best approach. We have regular releases, triggering test packs for changed functionality which can be routed through Burp Suite. So far, we always opened manually new Proxy listener, captured traffic, closed it, and ran active scan. Would it be possible, to enhance the REST APIs to be able to start listening on certain port (ideally with indication of transparent proxy); then indicate to Burp that it is finished (to close the listening port); so that we can launch the pre-defined active scan on intercepted data afterwards? With session management, excludes and everything else pre-prepared. I think it would be a very good addition, and most likely it's in your pipeline, but as far as I know that isn't a publicly accessible information so I can't vote for it in other way, as this:)

PortSwigger Agent | Last updated: Sep 26, 2018 01:22PM UTC

Thanks for the suggestion. We do intend to expose more of Burp's functionality through the REST API, and when we do that, this use case will be supported.

You need to Log in to post a reply. Or register here, for free.