Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burp Rest API - Launch a simple crawling

intrd | Last updated: Oct 01, 2020 03:09PM UTC

Hey.. i'm trying to start a simple crawl WITHOUT AUDIT CHECKS. I've saved my crawl config in the Configuration Library named as crawling_1, then.. curl -vgw "\n" -X POST 'http://127.0.0.1:1337/xxxxxxx/v0.1/scan' -d '{"scan_configurations":[{"name":"crawling_1","type":"NamedConfiguration"}],"scope":{"include":[{"host_or_ip_range":"example","protocol":"any"},{"host_or_ip_range":"example","protocol":"any"}],"type":"AdvancedScope"},"urls":["http://example.org","http://example2.org"]}' The command works, but always start as "Crawl and Audit", why? I just want to start a simple crawl with audit checks disabled.

Michelle, PortSwigger Agent | Last updated: Oct 02, 2020 09:02AM UTC

When using the REST API the type is currently fixed to crawl and audit, could you tell us a bit more about your workflow and use case so we can have a chat with our developers, please?

David | Last updated: Jan 24, 2022 04:52PM UTC

I have the same problem, i just want to create an scan with "audit", with an audit configuration saved in my library. With the rest API burp always start a new scan with "audit and crawl" and is not using the configuration from my library.

Michelle, PortSwigger Agent | Last updated: Jan 25, 2022 09:30AM UTC

Thanks for your message. When using the REST API the scan created will perform both the crawl and audit stages of the scan, you can provide a specific audit configuration to be used. In the original post, the user was looking to perform just the crawl rather than only the audit. Can you tell us more about your workflow for this scenario? What steps are you currently taking via the UI? Are you manually crawling the site and then selecting requests and responses from the site tree to audit?

fa1ntStar | Last updated: Aug 21, 2023 01:50PM UTC