Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Issues interacting with Burp Pro Rest API from the command-line (stoping & starting the service and removing cache)

marty | Last updated: Oct 06, 2023 02:43PM UTC

I'm running into twp issues with the Burp Pro REST API, that might be related. APIs are ideal for automation, so the first thing I did was making sure the rest API always running. The only way to do that - as far as I could determine - is to run burp in headless mode. I then created a cronjob that checks and runs the shell command necessary to start burp in headless mode. This works, but it has one significant drawback: there is no apparent way to shut it down cleanly. So what I do now is I simply kill the process and start it again. (this might be necessary when a reboot of the server is necessary for example) What I then notice is that whenever Burp is started again and I activate a new (crawl & audit) scan, it starts again with TaskID 3. I don't mind so much that it does this, but the problem is that it seems to be using results from the previous (taskid 3) run. I notice that in this case the crawl and audit phase are instantly finished. So, the question is: how can I 1) detect the presence of this cache and 2) how can I delete it? Apart from that I'm wondering what the status is of the API functionality? There are configuration parts you're even discouraged to use because it's untested, there is hardly any documentation, the log file is unreadable (was this created by someone that previously worked in a hotel??), the fact that you cannot really run this as a proper background service, .. it all feels a bit like this was a nice idea, but never got finished.

Hannah, PortSwigger Agent | Last updated: Oct 09, 2023 08:47AM UTC