Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

How can I scan via Burp Pro API /scan with authentication script

thanhpt | Last updated: Aug 18, 2023 10:23AM UTC

I am using BurpSuite Professional in run in headless mode on my server. I also load user config to BurpSuite and open API runs on http://localhost:1337. When I create a scan via API /scan, in field "applications_login", I passed my recorded login from Burp Navigation Recorder. But after I call API /scan/task_id, the scan status is "paused" and crawl_and_auditing_caption is "Paused task due to: Crawl was configured to use Burp's browser but a browser could not be started". How can I run scan authenticated in headless mode via API?

Hannah, PortSwigger Agent | Last updated: Aug 18, 2023 01:17PM UTC

Hi

When you start Burp, are you using the --unpause-spider-and-scanner command-line argument?

thanhpt | Last updated: Aug 18, 2023 06:54PM UTC

Yes, I ran BurpSuite with unpause-spider-and-scanner option. I also create a scan without authentication and it ran successfully without error. But when I start scan with authentication and script from Burp Recorder, it continue show that Burp browser couldn't be started. Is there any chances that Burp Browser can not run in headless mode?

thanhpt | Last updated: Aug 20, 2023 04:37AM UTC

I forgot to mention that I run BurpSuite Pro on Ubuntu server with no GUI. When I run on Windows server, there is no error like that.

Hannah, PortSwigger Agent | Last updated: Aug 21, 2023 02:05PM UTC

Hi It sounds like the browser that Burp uses for scanning is not able to be launched. Could you check the permissions on your browser binaries and try to launch Chromium headlessly? When launching Chromium, do you receive any error messages? If you're having issues locating your browser binaries, using the "--diagnostics" flag, will print out the browser binary location.

thanhpt | Last updated: Aug 22, 2023 09:15AM UTC

The "--diagnostics" flag didn't show any errors. But I tried to install the chromium on Ubuntu server so it works, turn out in commandline mode, Burp Browser still requires some library that need browser to start. These libraries come with Chromium installation but are not included in Docker. Install Chromium first solved my problem. Thankyou.

Hannah, PortSwigger Agent | Last updated: Aug 22, 2023 09:35AM UTC