Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burp Suite Pro - API

Chris | Last updated: Dec 14, 2022 01:16PM UTC

Hi, Is it possible to make use of API to perform some tasks with the Burp Suite Pro? Let's say that I want to send information from my software to the Burp Suite Pro to execute a specific task (like website scanning) and then return the scanning results back to me.

Ben, PortSwigger Agent | Last updated: Dec 15, 2022 09:08AM UTC

Hi Chrysanthos, Burp Professional does have a REST API and you can configure its usage via the Settings -> Suite -> REST API section of Burp (by default, the API is configured to run on http://127.0.0.1:1337). The REST API is designed to be self documenting via the service URL so if you configure its usage from within Burp Professional, you can take a look at the functionality available from there. It is worth noting that the functionality available through the REST API is fairly limited (there are only three endpoints available which can be used to retrieve information about vulnerability issues, retrieve information about scans and initiate scans).

Chris | Last updated: Dec 16, 2022 07:18AM UTC

Thank you for the reply! I have just checked what you mentioned and indeed the REST API has very limited functionalities. So what do you suggest for doing my work? Burp Suite Enterprise can cover all the functionalities of burp so I can automate some common checks from my platform such as customized scans and the use of extensions?

Chris | Last updated: Dec 16, 2022 08:38AM UTC

Also in the below link is mentioned that the API for Burp Suite Pro will be enriched. DO we know when and how? https://portswigger.net/blog/new-burp-suite-api-we-want-your-feedback

Ben, PortSwigger Agent | Last updated: Dec 16, 2022 01:41PM UTC

Hi Chris, Apologies - we may have been talking at slightly cross purposes here. The article that you have linked to is talking about the Extender API - is that the API that you were referring to in your first message? In effect, within Burp Professional, we have the Extender API that allows you extend the functionality of core Burp by writing custom extensions and the REST API that allows you to send basic commands to initiate scans (I had, possibly incorrectly, assumed you were talking about the REST API). Just to clarify, what specific tasks are you trying to achieve in Burp Professional so that we can advise you further on this?

Chris | Last updated: Dec 16, 2022 03:54PM UTC

I want to see if we can execute some tasks of Burp Suit from a different platform like initiating scanning (maybe customizing it as well) and when finished to return the results back to the platform.

Michelle, PortSwigger Agent | Last updated: Dec 19, 2022 08:39AM UTC

Thanks for the clarification. How often will you need to automate these scans? Which platform are you trying to integrate with? If you'd rather discuss the details with us directly rather than on the forum, feel free to send an email to support@portswigger.net.

Chris | Last updated: Dec 19, 2022 08:59AM UTC