Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Encounter Error: connection refused when run the generic CI driver locally

Jesse | Last updated: Jul 02, 2020 04:57AM UTC

Hi team, I run into an issue when I try to run the CI driver locally, I use the burp-ci-driver-1.0.5beta.jar because this version does not require self-signed-certificate, but when I run the scan command, my terminal returned an error ERROR: Connection reset echo BURP_SCAN_URL = <URL> | java -jar burp-ci-driver-1.0.5beta.jar --scan-definition=test.json http://<my burp server IP>/api/<api key> where test.json is copy from console generated json format file. Please advise, thanks. Jesse

Uthman, PortSwigger Agent | Last updated: Jul 02, 2020 10:51AM UTC

What is inside the test.json file? Are you including the port number in your API URL? (e.g. http://127.0.0.1:8081/api/<API-KEY>)

Jesse | Last updated: Jul 02, 2020 04:53PM UTC

The test.json file is like below. {"scan_configurations":[{"name":"Crawl strategy - most complete","type":"NamedConfiguration"},{"name":"Audit coverage - thorough","type":"NamedConfiguration"}],"scope":{"include":[{"rule":" https://www.companyname.com"}],"type":"SimpleScope"},"urls":[" https://www.company.com"]} I added the port number and tried again and it returned different error message 1st time like below: echo BURP_SCAN_URL = https://www.companyname.com | java -jar burp-ci-driver-1.0.7beta.jar --scan-definition=test.json http://<Burp IP>:8080/api/<burp API> --self-signed-cert=company_new.pem 2020-07-02 12:43:53 BURP_SCAN_STATUS: initializing 2020-07-02 12:44:23 BURP_SCAN_STATUS: failed - Failed to start 2020-07-02 12:44:23 BURP_SCAN_SUMMARY: requests made: 0, network errors: 0 2020-07-02 12:44:23 BURP_SCAN_RESULT: 0 issues failed the build Then When I tried the same command the 2nd time I got the error: echo BURP_SCAN_URL = https://www.companyname.com | java -jar burp-ci-driver-1.0.7beta.jar --scan-definition=test.json http://<Burp IP>:8080/api/<burp API> --self-signed-cert=company_new.pem ERROR: net.portswigger.aR: java.net.SocketException: Connection reset Sounds to me like something block the burpsuite API because of the 1st attempt failed? please advise, thanks in advance.

Uthman, PortSwigger Agent | Last updated: Jul 02, 2020 05:34PM UTC

Try specifying an empty array for URLs and delete the scope from your scan configuration. You will also need to use --custom-scan-configuration instead of --scan-definition. Example in test.json: {"scan_configurations":[{"name":"Crawl strategy - most complete","type":"NamedConfiguration"},{"name":"Audit coverage - thorough","type":"NamedConfiguration"}],"urls":[""]} Your scope is already set by reference to it in BURP_SCAN_URL. The final command would be run like below: echo BURP_SCAN_URL=https://www.companyname.com | java -jar burp-ci-driver-1.0.7beta.jar <ENTERPRISE-SERVER-URL>/api/<API-KEY> --custom-scan-configuration=test.json --self-signed-cert=Cert.pem If you receive a 500 server error with an extension code of 56, the site name may already exist so you will need to include a name in your scan configuration that differs from a site already existing with the same name and URL. Let me know if you have any issues with this.

Jesse | Last updated: Jul 02, 2020 08:30PM UTC

Thank you for the prompt response, I revised the test.json file and rerun the test, it looks like it worked the 1st attempt, but got the same error again at the 2nd attempt. 1st attempted command: echo BURP_SCAN_URL=https://www.companyname.com | java -jar burp-ci-driver-1.0.7beta.jar <ENTERPRISE-SERVER-URL>/api/<API-KEY> --custom-scan-configuration=test.json --self-signed-cert=cert.pem returned: 2020-07-02 04:19:08 BURP_SCAN_STATUS: initializing 2020-07-02 04:19:33 BURP_SCAN_STATUS: auditing 2020-07-02 04:22:48 BURP_SCAN_STATUS: succeeded 2020-07-02 04:22:48 BURP_SCAN_SUMMARY: requests made: 3250, network errors: 2 2020-07-02 04:22:48 BURP_SCAN_RESULT: no issues detected 2nd attempted command: exact same command used in 1st attempted returned: ERROR: net.portswigger.aR: java.net.SocketException: Connection reset Is that local machine's network issue? thanks again for the help

Uthman, PortSwigger Agent | Last updated: Jul 03, 2020 08:56AM UTC

The issue may be that a new site with the same URL and name is trying to be created. Can you try including an arbitrary name in your JSON to see if the scan launches successfully? Try this: {"scan_configurations":[{"name":"Crawl strategy - most complete","type":"NamedConfiguration"},{"name":"Audit coverage - thorough","type":"NamedConfiguration"}],"name": "test123", "urls":[""]} Have you considered using the GraphQL API instead? You can use CreateScheduleItem (https://portswigger.net/burp/extensibility/enterprise/graphql-api/create_schedule_item.html) to launch your scans.

Jesse | Last updated: Jul 06, 2020 07:48PM UTC

Hi, I tried that and still get the same error, but if I integrate it to Gitlab it works because everything the new job creates a new ephemeral pod. Thanks for help. Jesse

Michelle, PortSwigger Agent | Last updated: Jul 07, 2020 08:55AM UTC

Hi Jesse Thanks for the update, if there's anything else you need help with, let us know.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.