Burp Suite User Forum

Create new post

Import Scan Configurations via User Options

Tyler | Last updated: Sep 04, 2023 10:48AM UTC

Hi, In the Configuration Library, you can export and import configurations. Is there a way to append these exports to a user configuration file so that they can be loaded when you create the project? I cant see it in the documentation for settings. If not, is there a way to load configurations through Montoya? Thank you, Tyler

Hannah, PortSwigger Agent | Last updated: Sep 04, 2023 03:24PM UTC

Hi Tyler There is not currently a way to provide configurations to the Configuration Library through the Montoya API. Can you provide more information on the functionality you are trying to achieve so we can suggest alternatives or raise a feature request?

Tyler | Last updated: Sep 05, 2023 06:09AM UTC

Thanks Hannah. What I'm looking to do is take our custom scan configurations for the organisation and add them to a tool that all consultants use. That way people don't need to repeatedly import or recreate the scan configurations. Sort of related, but I see there is functionality for Tasks and to addRequest() to audits. Is there a way to list the current tasks and then use Montoya to add requests to a current task? I've had a look at the docs and examples but may have missed it. It looks like I can add to audits but I would first need to see a list of all current audits. Thank you!

Hannah, PortSwigger Agent | Last updated: Sep 05, 2023 02:52PM UTC

Unfortunately, it doesn't look like there's any workaround for this other than having some sort of centralized folder with specific scan configurations for your consultants to import. If your consultants are just running scans, Burp Suite Enterprise Edition may be better suited for this use case. As it's designed to scan large quantities of sites in a more hands-off way, it has a central repo of scan configurations that you can add to. There are also more options available in terms of automation and integration. If it sounds like it may be useful, then you can find out more and request a free trial here: https://portswigger.net/burp/enterprise When adding requests to an Audit in the Montoya API, the requests will be added to a new extension-generated task. This is similar to a live task, and the scan configuration is not configurable.

Tyler | Last updated: Sep 06, 2023 07:10AM UTC

No worries, thanks for the info. Scanning is a small part of what the consultants do so I think Burp Pro is the best solution for us. The audit stuff will definitely be useful! I'll also say you guys have done a great job with Montoya and its enabling us to work in new and more efficient ways. The technical support has been immense too, never had to wait long at all for answers to my queries. So thank you team!

Hannah, PortSwigger Agent | Last updated: Sep 06, 2023 12:43PM UTC

Glad to hear that's helped! If there's anything else we can help with, then please let us know.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.