Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

How to save scan errors when start from command line

Randy | Last updated: Aug 04, 2021 05:05PM UTC

Hi, I ran Burp scan from the command line, which use my extension to start the scan by calling the API doActiveScan function. I check the burp file, the 'Event Log' and 'Logger'are blank. In the 'Audit items' tab, number of items are finished with error which I am unable to view any information. Is there a way to save output from 'Event Log' and 'Logger' to file? Thanks

Uthman, PortSwigger Agent | Last updated: Aug 05, 2021 09:12AM UTC

Hi Randy, The Event log information does not persist in the project file when Burp is restarted, unfortunately. I have registered your interest in a feature request to address this so we will let you know if/when that is implemented. There is no API method to export the Event Log information either. We will be adding an export feature for the Logger in the future but there is no API method for this yet. If you install Flow or Logger++, can you see the errors related to the Audit items? Is the issue that the Logger is not populating at all from within the Task itself (View details > Logger)? Do you see any requests in the Logger tab? If you launch an active scan from within Burp (via the context menu) on the same URL(/s), do you still see some errors?

Randy | Last updated: Aug 05, 2021 07:57PM UTC

Hi, Thank you for help raising the feature request. It would be really nice to have a log export ability without interact with the UI. For my situation, Burp start by a python script in a container, which we review the project file later. Flow or Logger++ was built for an UI user so the configure to save log to file is not possible for us since we can't configure it to use the container's path. Running Burp from command line locally also doesn't work because Logger++ and Flow doesn't persist the logs when Burp is restarted. Currently, my work around is to add my extension into Burp UI and launch an active scan.

Uthman, PortSwigger Agent | Last updated: Aug 06, 2021 08:42AM UTC

Hi Randy, Thank you for the feedback. It looks like you may be running Pro as a headless scanner, which is not supported. We have an Enterprise product dedicated to that purpose so I would encourage you to apply for a free trial and use that instead. In terms of logging the HTTP requests/responses, have you taken a look at the Project options > Misc > Logging? Alternatively, you can try writing your own logging tool. We have an example extension here that you could use as a starting point: - https://portswigger.net/burp/extender

Liam, PortSwigger Agent | Last updated: Nov 02, 2021 10:19AM UTC

You now have the functionality to save/export logs from the Logger tool to file. https://portswigger.net/burp/releases#professional

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.