Burp Suite User Forum

How can I pass my customized scanner options with active and passive scan?

Prateek | Last updated: May 19, 2020 09:24PM UTC

How can I choose customized scanner options with active and passive scan through API? Can I overwrite the default options or set my customized scanner options as default in command line when I start burp in headless mode?

Michelle, PortSwigger Agent | Last updated: May 20, 2020 08:43AM UTC

When starting a scan via the API you can specify either specific Named Configurations to use for the scan curl -vgw "\n" -X POST 'http://127.0.0.1:1337/<API KEY>/v0.1/scan' -d '{"scan_configurations":[{"name":"NAME_OF_CONFIGURATION_TO_USE","type":"NamedConfiguration"}],"urls":["www.mywebsite.com"]}' or choose to specify a custom configuration and supply the JSON curl -vgw "\n" -X POST 'http://127.0.0.1:1337/<API KEY>/v0.1/scan' -d '{"scan_configurations":[{"config":"INSERT_JSON_HERE","type":"CustomConfiguration"}],"urls":["www.mywebsite.com"]}' Please let us know if you need any further assistance.

Prateek | Last updated: May 20, 2020 03:20PM UTC

That API is used for starting crawl and audit I believe. I want to perform active and passive scans on site that is already in the sit map. There is no where I can choose my own configuration for that.

Michelle, PortSwigger Agent | Last updated: May 21, 2020 01:43PM UTC

It is possible to change the settings used by the active and passive scans in the UI but you would be changing them for each particular task rather than changing any default settings. Could you tell us more about your end-to-end workflow and the steps you would like to take to perform the crawl and audit of your site, please? I can see one of your colleagues has already contacted us via email, so if this is already being covered in that case, it may be best to continue this via the emails so that we can share more detailed information directly rather than on a public forum.

You need to Log in to post a reply. Or register here, for free.