Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Difference in response when active scan initiated via "BURP REST API Extension" and "BURP UI"

Ashis | Last updated: Feb 15, 2021 05:51AM UTC

Observed that when "Active scan" is initiated via 'Burp REST API Extension', there is no response obtained for a request. However, if "Active Scan" is performed via the 'Burp UI-> Right Click option ("Do Active Scan")' then the response is obtained for the same request. Please suggest the reason for difference in behavior.

Uthman, PortSwigger Agent | Last updated: Feb 15, 2021 09:25AM UTC

Hi Ashis, The REST API only supports a full Crawl & Audit for the URL you have specified. This is different from right-clicking in Burp and selecting > Do Active Scan because the latter already has the appropriate session information in the request (e.g. cookies, headers, etc...). For any scans launched via the REST API, they are equivalent to selecting New scan > Crawl & Audit so the appropriate session information in your request will not be visible (especially if you manually captured requests via the browser through the Proxy). We have registered your interest in a feature request to allow audit-only scans to be triggered via the REST API and we will let you know when this has been implemented.

RAMAN | Last updated: Mar 01, 2024 10:52AM UTC

is there any update here?

Dominyque, PortSwigger Agent | Last updated: Mar 01, 2024 11:35AM UTC