Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

How Do I read the burp saved state.

Amar | Last updated: Mar 25, 2015 10:53AM UTC

I need to extract some information from the saved burp state file. The burp state file is in zip format. So I'd unzipped the file and it contents xml. For some reason none of the php xml reader is able to read the file. It's failing at first response. It would be better if you base64 encode the request and response in the burp state file. Like you give option while exporting the scanner results. How should I read the burp state file? Thank you

PortSwigger Agent | Last updated: Mar 25, 2015 11:28AM UTC

The Burp state file format contains some XML-like features but it is really a proprietary format and is not designed for consumption by anything other than Burp itself. We don't document the format, and it is subject to change, though Burp should always be backwards-compatible with earlier versions. We don't recommend trying to parse or process state files yourself. If you want to do processing on the data in a state file, the best approach is to load it into Burp and then use the API to query the contents of the various data (Proxy history, Scanner issues, etc.).

Burp User | Last updated: Mar 25, 2015 06:47PM UTC

I can't load the burp state file because the user uploads the state file and backend code needs to process and extract the required information ( like: request, response etc). That extracted information is further used for different checks. Is there any other way I can process the state file? Thank you

PortSwigger Agent | Last updated: Mar 26, 2015 10:17AM UTC

You can use Burp on your backend to load the state file and extract the relevant data. You could use an extension to do this in an automated way if needed. If you are consuming only scan results, you could also have the user save their scan results in XML format, which is intended for consumption by other tools. As I said, we don’t recommend trying to parse or process state files yourself. You should also be aware that we are working on a replacement to the state file mechanism. This will use a completely different file format, which again will not be designed for consumption by other tools, and the only way to reliably extract data from it will be via Burp and the API, the same as currently.

You need to Log in to post a reply. Or register here, for free.