Burp Suite User Forum


How to pass URL with headers to Burp REST API to execute POST /scan

Vitaliy | Last updated: Jun 14, 2021 11:36PM UTC

Hi, could you please advise whether it is possible to pass a URL with headers to the Burp REST API to execute POST /scan? If yes, could you please provide an example? Thank you.

Michelle, PortSwigger Agent | Last updated: Jun 15, 2021 01:21PM UTC

Thanks for your message. Can you tell us a bit more about the scenario and the headers you're wanting to use? If you'd rather share this directly, feel free to send an email to support@portswigger.net.

vitaliy | Last updated: Jun 15, 2021 07:09PM UTC

I want to send a specific URL, which doesn't work without specific headers, to scan via the Burp API. Here is an example cURL code snippet:

    curl --location --request GET 'https://myurltoscan.com' \
      --header 'siteId: XX' \
      --header 'x-transaction-id: 2d56ddbc-47fc-43bd-8691-fdec333f2fca' \
      --header 'locale: en_CA' \
      --header 'Cookie: se_gr_exp=1624563034'

My question is how to send the URL specified above, with its headers, to scan via the Burp API. Without these headers the resource rejects all requests. So, please advise how to add headers to the following request:

    curl -vgw "\n" -X POST 'http://localhost:1337/v0.1/scan' -d '{"urls":["https://myurltoscan.com"]}'

Michelle, PortSwigger Agent | Last updated: Jun 16, 2021 02:11PM UTC

Thanks for the details. Although you can't pass these headers directly via the REST API, if the installation of Burp that was being sent the scan request had the appropriate Session Handling rules configured in Project Options then any scans launched via the REST API would have the headers added.

https://portswigger.net/burp/documentation/desktop/options/sessions/rule-editor

For example:

- you could create a session handling rule to set a specific cookie and set the URL scope for this rule to be the URL you are scanning and set the Tools Scope to be the Scanner
- you could create a session handling rule to invoke an extension such as 'Add Custom Header' and set the URL scope for this rule to be the URL you are scanning and set the Tools Scope to be the Scanner

With the number of headers you are looking to add, you may need to create your own extension to invoke via the session handling rules.

https://portswigger.net/burp/extender/writing-your-first-burp-suite-extension

I hope this helps, please let us know if you need any further assistance.
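A sketch of the kind of extension the answer above suggests, added here as an example (it is not PortSwigger's code and not part of the original thread): a session handling action that sets the three custom headers from the cURL command on every request it is invoked for. It assumes the legacy Extender API loaded through Jython 2.7; `EXTRA_HEADERS`, `merge_headers` and the action name are hypothetical names chosen for this example.

```python
try:
    from burp import IBurpExtender, ISessionHandlingAction
except ImportError:
    # Outside Burp (e.g. unit tests): stand-in base classes.
    class IBurpExtender(object):
        pass

    class ISessionHandlingAction(object):
        pass

# Values copied from the cURL command in the thread. The Cookie header is
# left to Burp's built-in "set a specific cookie" session handling rule.
EXTRA_HEADERS = [
    ("siteId", "XX"),
    ("x-transaction-id", "2d56ddbc-47fc-43bd-8691-fdec333f2fca"),
    ("locale", "en_CA"),
]


def merge_headers(headers, extra):
    """Return headers with each extra header present exactly once.

    headers[0] is the request line and is kept untouched. Existing headers
    with the same name (case-insensitive) are dropped to avoid duplicates.
    """
    names = set(name.lower() for name, _ in extra)
    merged = [headers[0]]
    for line in headers[1:]:
        if line.split(":", 1)[0].strip().lower() not in names:
            merged.append(line)
    merged.extend("%s: %s" % (name, value) for name, value in extra)
    return merged


class BurpExtender(IBurpExtender, ISessionHandlingAction):
    def registerExtenderCallbacks(self, callbacks):
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Add scan headers (example)")
        callbacks.registerSessionHandlingAction(self)

    def getActionName(self):
        # Name listed when a rule action invokes a Burp extension.
        return "Add scan headers (example)"

    def performAction(self, currentRequest, macroItems):
        request = currentRequest.getRequest()
        info = self._helpers.analyzeRequest(request)
        headers = merge_headers(list(info.getHeaders()), EXTRA_HEADERS)
        body = request[info.getBodyOffset():]
        currentRequest.setRequest(self._helpers.buildHttpMessage(headers, body))
```

Once loaded, the action is selected in a session handling rule whose URL scope is the URL being scanned and whose Tools Scope is the Scanner, as described in the answer above.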
