Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burpsuite EE REST API scan is not runing from CLI

Hira | Last updated: Jun 08, 2023 08:57PM UTC

This is Hira and I am a security engineer, I am facing an issue related to burp suite Enterprise REST API scan feature. I was giving services of security automation to one of my client, we were in trail phase and I was using request command generated from weburl:8080/api/<APIKEY>/v0.1/scan. Now I am unable to access this scan endpoint plus I can generate the scan from UI script request but I am unable to use it from CLI.It is giving me error that {"error":"Unexpected ''' at [line 1, column 10]"}* Script I am using: curl -vgw "\n" -X POST http://<IP>:8081/api/<>/v0.1/scan -d '{"application_logins":[{"password":"<>","type":"UsernameAndPasswordLogin","username":"<>"}],"name":"<>","scan_configurations":[{"name":"105303e2-ec50-4662-84a9-8817c078ab84","type":"NamedConfiguration"}],"urls":["<targetsite>"]}' Can you guide me about the reason I am facing this problem, is there any new update regarding REST API Execution from CLI? Waiting for your response anxiously.

Thomas, PortSwigger Agent | Last updated: Jun 09, 2023 08:07AM UTC

Hi Hira,

Thank you for letting us know about your difficulties with running a REST API command via your CLI.

Since the error you are receiving is referring to character 10 in your command, the seems to be a formatting issue with your quotation marks.

Could you please either manually type the command into the CLI or re-generating the command from the REST API?

Hira | Last updated: Jun 09, 2023 09:20AM UTC

Hello Thomas! I tried both but it's not working even though i am not able curl to /scan endpointfrom cli with this command http://ip:8080/api/<APIKEY>/v0.1/scan. i am also not able to access this endpoint from browser too. It is giving me this error from both side: {"error":"Malformed URL: expecting an identifier"}

Thomas, PortSwigger Agent | Last updated: Jun 09, 2023 09:35AM UTC

Hi Hira, Thank you for letting me know. Firstly, the malformed URL error is because you are trying to directly navigate to the full URL listed. If you remove /scan that URL will be accessible via your browser. Furthermore, if you go to your RESI API to generate the command again via: http://<IP>:<PORT_NUM>/api/<>/v0.1/ and regenerate the script, can you confirm if this works? Could you also clarify for me what port number your Enterprise is on as you mention 8080 and 8081?

Hira | Last updated: Jun 09, 2023 11:52AM UTC

Yes Thomas i am trying to generate command again and again via this http://<IP>:<PORT_NUM>/api/<>/v0.1/ URL and is the exact script i am getting from this: curl -vgw "\n" -X POST 'http://<ip>:8080/api/<APIKEY>/v0.1/scan' -d '{"application_logins":[{"password":"<>","type":"UsernameAndPasswordLogin","username":"<>"}],"name":"<>","scan_configurations":[{"name":"63cc3d5a-1619-4d7a-b543-db572b2f75fd","type":"NamedConfiguration"}],"scope":{"type":"SimpleScope"},"urls":["<>"]}' and this script is giving me errors while running from CLI and not letting me to run scan from CLI.I tested this same script 3 months back and it was working fine from CLI. We were using 8081 port first then switched to 8080 port but this thing is still the same.

Thomas, PortSwigger Agent | Last updated: Jun 09, 2023 12:55PM UTC

Hi Hira, Could you please try running the command from your REST API page and let me know what error you are encountering? A full screenshot or extract would be ideal showing the response. If you prefer to not send this information over the forum, please create a support case with this information by emailing us at support@portswigger.net

Hira | Last updated: Jun 16, 2023 08:42PM UTC