Burp Suite User Forum

Burpsuite Related Updates and Questions

Alvin | Last updated: Mar 22, 2021 12:04PM UTC

Hi there,

How do I import a Postman collection and make Burp Suite work like Postman? Can Burp Suite work with Swagger UI? What are some of the tools or plugins that can work efficiently with API testing?

Is there any Autocomplete-like feature in Burp Suite where we can change the request parameter? For example, when I mouse over getting, I can choose OPTIONS, HEAD instead of sending everything to the Intruder. Akin to the session handling macro, is there any way to quickly replace parameters in the Repeater apart from the sessions?

Lastly, for crawling the website, which options are correct now? I don't see any spidering, but active and passive scanning.

Uthman, PortSwigger Agent | Last updated: Mar 22, 2021 02:29PM UTC

Hi Alvin,

You can use the article below to help you capture the postman requests in Burp:

  • https://secureideas.com/blog/2019/03/better-api-penetration-testing-with-postman-part-2.html

For Swagger/OpenAPI definitions, you can either use the OpenAPI parser extension or provide the URL to the scanner (for OpenAPI v3 files):

  • https://portswigger.net/bappstore/6bf7574b632847faaaa4eb5e42f1757c
  • https://portswigger.net/burp/documentation/desktop/scanning/api-scanning
  • https://portswigger.net/blog/api-scanning-with-burp-suite

Can you clarify what you mean by the "Autocomplete-like" feature? Which version of Burp are you using?

In terms of replacing parameters in the Repeater, are you intending on doing this automatically? Have you tried using the 'Auto Repeater' or 'Stepper' extension?

Spidering has been replaced by 'Crawling'. You can find out further information below:

  • https://portswigger.net/blog/burp-2-0-where-are-the-spider-and-scanner
