Burp Suite User Forum


Burp Suite Automation

Alapan | Last updated: Oct 31, 2019 06:10AM UTC

I am trying to automate an API scan using Burp Suite Pro. I am planning to initiate scans through the REST API and fetch the report through headless Burp, as the API returns a JSON response and I need a user-friendly HTML report. How do I go about doing that? Are there any easier approaches? And how do I automate authentication via Bearer token through an external link and add the token to the requests?

Ben, PortSwigger Agent | Last updated: Oct 31, 2019 11:21AM UTC

Hi,

Unfortunately, the REST API only returns scan information in the JSON format. The full HTML reports are currently only generated in the Burp GUI. We do have a request in our development backlog to enhance the REST API reporting functionality but we cannot provide an ETA of when/if this will be implemented.

Having said that, have you looked into any of the Burp Extensions that are currently available on our BApp store (these are user-written extensions that extend some of Burp's capabilities)? The Carbonator extension sounds like it might give you some of the functionality that you require.

You would be able to create a Macro within Burp that will obtain a Bearer token and add it to requests. The following links provide some details of how people have achieved this previously:

https://medium.com/leveraging-information-security-tools/refreshing-bearer-token-automatically-in-burp-and-zap-for-rest-apis-693bc8de3dee

https://www.foregenix.com/blog/testing-problematic-authorisation-tokens-with-burp

In addition, the Add Custom Header extension also looks like it might work for your requirements.

Please let us know if you need any further assistance.
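Because the REST API returns only JSON, one option is to render that JSON to HTML in your own pipeline. The script below is an added example, not part of the thread and not PortSwigger code. The field names (`task_id`, `scan_status`, `issue_events`, `issue`, `name`, `severity`, `confidence`, `origin`, `path`) are assumptions about the scan JSON layout, and the sample data is constructed.

```python
import html
import json

# Constructed sample shaped like a scan-status response; the field names are
# assumptions, so adjust them to match the JSON your Burp version returns.
SAMPLE = json.loads("""
{"task_id": "3", "scan_status": "succeeded", "issue_events": [
  {"issue": {"name": "Strict transport security not enforced", "severity": "low",
             "confidence": "certain", "origin": "https://api.example.test",
             "path": "/"}},
  {"issue": {"name": "Cross-site scripting (reflected)", "severity": "high",
             "confidence": "firm", "origin": "https://api.example.test",
             "path": "/v1/search?q=<b>test</b>"}}
]}
""")

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def extract_issues(scan):
    """Return issue dicts sorted by severity, tolerating missing keys."""
    issues = [e["issue"] for e in scan.get("issue_events", []) if "issue" in e]
    return sorted(issues, key=lambda i: SEVERITY_ORDER.get(i.get("severity"), 99))


def render_html(scan):
    """Build a standalone HTML report. Every scan-derived value is escaped,
    because paths and issue text can carry markup echoed from the target."""
    def esc(value):
        return html.escape("" if value is None else str(value), quote=True)
    rows = "\n".join(
        "<tr><td>{}</td><td>{}</td><td>{}</td><td>{}{}</td></tr>".format(
            esc(i.get("severity")), esc(i.get("confidence")), esc(i.get("name")),
            esc(i.get("origin")), esc(i.get("path")))
        for i in extract_issues(scan))
    return ("<!DOCTYPE html>\n<html><head><meta charset=\"utf-8\">"
            "<title>Scan {tid}</title></head><body>\n"
            "<h1>Scan {tid}: {status}</h1>\n<table border=\"1\">\n"
            "<tr><th>Severity</th><th>Confidence</th><th>Issue</th><th>URL</th></tr>\n"
            "{rows}\n</table></body></html>\n").format(
                tid=esc(scan.get("task_id")), status=esc(scan.get("scan_status")),
                rows=rows)


if __name__ == "__main__":
    with open("burp_report.html", "w", encoding="utf-8") as fh:
        fh.write(render_html(SAMPLE))
```

In a pipeline, replace `SAMPLE` with the JSON body fetched from the scan-status endpoint once the scan has finished.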
