Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp Suite JAR via Terminal - Custom Scan Configuration

Tengri | Last updated: Mar 18, 2022 11:23AM UTC

Hello, I'm using the Burp Suite via terminal. (java -jar -Xmx4g /path/to/burp.jar) I just want to scan for sql injection. How can I include my own created custom scan configuration in the scan? The arguments below didn't work for me. --project-file --config-file --user-config-file Thanks.

Michelle, PortSwigger Agent | Last updated: Mar 18, 2022 02:06PM UTC

Thanks for your message. Are you using java -jar -Xmx4g /path/to/burp.jar to launch the Burp UI and then need to start a scan that only tests for specific issue types? Can you tell us more about the setup you are trying to achieve?

Tengri | Last updated: Mar 19, 2022 08:49AM UTC

Hi Michelle, I use the Burp Suite Jar with --headless.mode=true Need to start a scan that only tests for specific issue types? - Yes. Can you tell us more about the setup you are trying to achieve? - I just want to do sql injection scans to shorten the scan time. (For all scans) Thanks.

Michelle, PortSwigger Agent | Last updated: Mar 21, 2022 08:55AM UTC

Thanks for the update. So we can help find the best options for you, can you describe your use case and workflow, please? Is there a reason you find it is easier for your setup to use Burp in headless mode, or if you had some scan configurations of your own saved would this help to speed up your work process? Currently, once you have started Burp in headless mode are you then using the REST API to start scans? Once the scan has been completed, do you then need to generate reports on any issues found?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.