Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Chatbots / APIs

Jamil | Last updated: Mar 02, 2021 05:58AM UTC

Greetings all, as I'm new to Burp, how can I scan a chatbot, and APIs? suppose I have https://xyz.domain.com/BOT/API/IDCB Thanking you

Hannah, PortSwigger Agent | Last updated: Mar 02, 2021 12:09PM UTC

Hi The ability to scan APIs was recently released in our Scanner. You can find out more about the requirements and limitations included with that here: https://portswigger.net/burp/documentation/desktop/scanning/api-scanning You can also manually crawl APIs. You can find out more information on that here: - https://portswigger.net/support/using-burp-to-test-a-rest-api - https://portswigger.net/support/using-burp-to-enumerate-a-rest-api

Jamil | Last updated: Mar 02, 2021 01:23PM UTC

Thank you for the reply, I came through my search to both urls you posted above, is there any guide or "walk-through" reference on testing Web APIs and ChatBots? I will be thankful to you

Hannah, PortSwigger Agent | Last updated: Mar 03, 2021 04:49PM UTC

We don't have any further documentation. However, other users may have posted more in-depth guides on the web. There is a Web Security Academy lab that utilizes a basic chatbot with WebSockets - the main focus is on the WebSockets messages though. - https://portswigger.net/web-security/websockets

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.