The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


GraphQL API GetScan call failing

Zac | Last updated: Oct 21, 2021 12:41PM UTC

I am trialing an on-premise BSEE distribution and I am trying to hit your GetScan (https://portswigger.net/burp/extensibility/enterprise/graphql-api/Scan.html) endpoint and have created the following script (test.sh):

```
#!/bin/bash

# pretty print the query
script='query GetScan ($id: ID!) {
  scan(id: $id) {
    id
    status
    agent { id name }
    site_application_logins {
      login_credentials { label username }
      recorded_logins { label }
    }
    audit_items {
      id
      issue_counts { total }
      number_of_requests
    }
    scan_configurations { id name }
  }
}'

# strip out newlines
script="$(echo $script)"

echo "About to execute: $script"

curl -k -i -H "Content-Type: application/json" -H "Authorization: <MY_API_KEY>" -X GET -d "{ \"query\": \"$script\"}" 'https://mybsee.example.com/graphql/v1'
```

Above <MY_API_KEY> is a real value in the script (I can't post it here, obviously). Same with the URL (I have an on-premise version of BurpSuite running off, say, mybsee.example.com).

When I run `sh test.sh` I get the following output:

```
About to execute: query GetScan ($id: ID!) { scan(id: $id) { id status agent { id name } site_application_logins { login_credentials { label username } recorded_logins { label } } audit_items { id issue_counts { total } number_of_requests } scan_configurations { id name } } }
HTTP/2 200
date: Wed, 20 Oct 2021 23:33:50 GMT
x-frame-options: DENY
<lots of response headers omitted>

{"errors":[{"message":"Unexpected exception occurred. Check logs for more details.","extensions":{"code":77}}]}
```

When I grep the web server logs for "exception", all I see is:

```
2021-10-21 12:31:53 [qtp1332576265-2275] ERROR b.w.r.WebServerGraphQlExceptionMapper - Unexpected exception
javax.ws.rs.NotAllowedException: HTTP 405 Method Not Allowed
```

Is there something wrong with my query? Thanks for any help getting this up and running for me!

Zac | Last updated: Oct 21, 2021 12:44PM UTC

And here is just the curl that's failing (same error), to show it's not an issue with the rest of the bash script:

```
curl -k -i \
  -H "Content-Type: application/json" \
  -H "Authorization: <MY_API_KEY>" \
  -X GET \
  -d '{ "query": "query GetScan ($id: ID!) { scan(id: $id) { id status agent { id name } site_application_logins { login_credentials { label username } recorded_logins { label } } audit_items { id issue_counts { total } number_of_requests } scan_configurations { id name } } }"}' \
  'https://mybsee.example.com/graphql/v1'
```

If someone can help me just get that curl working I can make the rest of the script work as well -- thanks!
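An added example, not part of the original posts and not PortSwigger's code: the same GetScan query sent as an HTTP POST, with the scan id supplied through the GraphQL `variables` object that the `$id: ID!` declaration expects. It assumes the endpoint accepts POST (the usual GraphQL-over-HTTP convention, and consistent with the 405 in the log above, though the thread does not confirm it); `BSEE_URL` and `BSEE_API_KEY` are hypothetical environment variable names, used so the key stays out of the script.

```shell
#!/bin/bash
# Added example: GetScan as a POST with the scan id passed as a GraphQL variable.
# BSEE_URL and BSEE_API_KEY are hypothetical names chosen for this example.

# Query text as posted in the thread, kept on one line.
QUERY='query GetScan ($id: ID!) { scan(id: $id) { id status agent { id name } site_application_logins { login_credentials { label username } recorded_logins { label } } audit_items { id issue_counts { total } number_of_requests } scan_configurations { id name } } }'

# Build the JSON request body. The query contains no quotes or backslashes,
# so it can be embedded as is. The id is limited to a safe character set so a
# crafted value cannot break out of the JSON string.
build_payload() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*)
      echo "invalid scan id" >&2
      return 1
      ;;
  esac
  printf '{"query":"%s","variables":{"id":"%s"}}' "$QUERY" "$1"
}

# Send the request. TLS verification is left on (no -k); for an internal CA,
# point curl at it with --cacert instead of disabling verification.
get_scan() {
  body=$(build_payload "$1") || return 1
  curl -sS -X POST \
    -H "Content-Type: application/json" \
    -H "Authorization: ${BSEE_API_KEY:?set BSEE_API_KEY}" \
    --data "$body" \
    "${BSEE_URL:-https://mybsee.example.com}/graphql/v1"
}

# Only contact the server when a scan id is given on the command line.
if [ "$#" -gt 0 ]; then
  get_scan "$1"
fi
```
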

James, PortSwigger Agent | Last updated: Oct 22, 2021 08:40AM UTC