Burp Suite User Forum

Login to post

carbonator for remote scan

ranjiniganeshan | Last updated: Nov 05, 2020 06:36PM UTC

I have installed carbonator,java and jython. I have configured proxy, upstream proxy and intercept to be turned off. The same configuration is saved and I m using this in commandline. java -jar -Xmx2g -Djava.awt.headless=true "C:\Program Files\burp\burpsuite_pro.jar" https ui-*****.*****.**********.com 443 / --user-config-file=user.json this user.json has the settings which I manually performed except the application login. I configured the application login and saved to the library 1. What will be the location of this application login file ?how should I specify this in commandline? 2. location of the scan results ? Please let me know if the user has option to specify the location to save the results.

Uthman, PortSwigger Agent | Last updated: Nov 06, 2020 09:58AM UTC

Hi, Our support team does not manage third-party extensions, unfortunately. You will need to raise an issue directly with the extension developer on GitHub: - https://github.com/integrissecurity/carbonator/issues It does not look like the project is being actively updated to be compatible with Burp 2.x. The user config file should only contain options under User options in Burp. If you are just trying to launch scans programmatically, you can use the REST API: https://portswigger.net/blog/burps-new-rest-api Alternatively, you can check out our Enterprise product: https://portswigger.net/burp/enterprise

You need to Log in to post a reply. Or register here, for free.