Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Insert Jenkins parameters / variables in Burp API POST - JSON scan definition

asdf | Last updated: Jun 05, 2020 05:55PM UTC

I'm using "Burp plugin for Jenkins" to initiate Burp scan from Jenkins. In Jenkins, I have parameters like scan URLs, application name, scan configurations etc. How can I use or insert these parameters in "Scan definition in JSON format" for Burp scan plugin in Jenkins. For e.g. Jenkins string parameter: APP_NAME, APP_URL and how can I insert APP_NAME in Burp API POST request inside JSON {"name": APP_NAME..... or even APP_URL inside JSON "urls": APP_URL..... What is the correct syntax to insert it in JSON? I have tried different syntaxes but no luck: $APP_NAME {APP_NAME} ${APP_NAME} "$APP_NAME" '$APP_NAME' "${APP_NAME}" '${APP_NAME}' '{APP_NAME}' 'APP_NAME' ${params.APP_NAME} ${env.APP_NAME} %APP_NAME%

Hannah, PortSwigger Agent | Last updated: Jun 08, 2020 10:15AM UTC

Can you clarify whether you are using Burp Suite Enterprise Edition, or Burp Suite Professional? Have you tried accessing the Burp REST API and using it to interactively build your request?

asdf | Last updated: Jun 08, 2020 02:49PM UTC

I'm using Burp Suite Enterprise Edition and below is the workflow which makes it difficult to build POST requests for every scan. 1. I need to scan multiple apps. (1000+) and all have different names and URLs 2. These apps. are on demand i.e. their names and URL can change and unfortunately, there is no way to build the BURP SCAN POST request before hand using BURP REST API dashboard. Plus these apps. (with their name and URL) are coming into Jenkins automatically. 3. Jenkins string parameters APP_NAME and APP_URL are being set for each application name and URL respectively. And I need to insert these parameters in "Scan definition in JSON format" for Burp scan plugin in Jenkins automatically without copying and pasting it everytime from BURP API dashboard. What is the point of integrating Burp in CI CD tools if automation cannot be performed.

Hannah, PortSwigger Agent | Last updated: Jun 08, 2020 03:45PM UTC

Apologies, I only meant to suggest using the API to work out the basic structure of the requests rather than to create a new API request each time. Once you have the basic structure, you could write a simple program or script to automatically generate your API calls for your Jenkins pipeline.

asdf | Last updated: Jun 08, 2020 04:24PM UTC

Sure, I can definitely script it but again I have to insert the variable containing Burp scan JSON definition at "Scan definition in JSON format" for Burp scan plugin in Jenkins. How can it be done. Is it possible if I can reach you directly and share screenshots for better understanding?

Hannah, PortSwigger Agent | Last updated: Jun 09, 2020 10:49AM UTC