Burp Suite User Forum

Create new post

Burp Rest API - Launch a simple crawling

intrd | Last updated: Oct 01, 2020 03:09PM UTC

Hey.. i'm trying to start a simple crawl WITHOUT AUDIT CHECKS. I've saved my crawl config in the Configuration Library named as crawling_1, then.. curl -vgw "\n" -X POST 'http://127.0.0.1:1337/xxxxxxx/v0.1/scan' -d '{"scan_configurations":[{"name":"crawling_1","type":"NamedConfiguration"}],"scope":{"include":[{"host_or_ip_range":"example","protocol":"any"},{"host_or_ip_range":"example","protocol":"any"}],"type":"AdvancedScope"},"urls":["http://example.org","http://example2.org"]}' The command works, but always start as "Crawl and Audit", why? I just want to start a simple crawl with audit checks disabled.

Michelle, PortSwigger Agent | Last updated: Oct 02, 2020 09:02AM UTC

When using the REST API the type is currently fixed to crawl and audit, could you tell us a bit more about your workflow and use case so we can have a chat with our developers, please?

David | Last updated: Jan 24, 2022 04:52PM UTC

I have the same problem, i just want to create an scan with "audit", with an audit configuration saved in my library. With the rest API burp always start a new scan with "audit and crawl" and is not using the configuration from my library.

Michelle, PortSwigger Agent | Last updated: Jan 25, 2022 09:30AM UTC

Thanks for your message. When using the REST API the scan created will perform both the crawl and audit stages of the scan, you can provide a specific audit configuration to be used. In the original post, the user was looking to perform just the crawl rather than only the audit. Can you tell us more about your workflow for this scenario? What steps are you currently taking via the UI? Are you manually crawling the site and then selecting requests and responses from the site tree to audit?

fa1ntStar | Last updated: Aug 21, 2023 01:50PM UTC

Hello: I have the same problem,the workflow or scenario is: sometimes i just want a audit task and make the burpsuite as a server. I can use some other tools to provide the traffic(other crawler or curl command), so I'm looking for the method to create a audit task with the configration saved in libray and without gui interaction.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.