Burp Suite User Forum

Jenkins plugin fail

Todd | Last updated: Jul 23, 2021 06:50PM UTC

Developer who manages Jenkins server for a CI pipeline reports: the Burp plugin installed successfully and offers the options they mention in the instruction but they are non-responsive for some reason, just nothing happens. I tried installing it twice and also completely restarted the Jenkins server but it is the same. There are no error messages related to this issue and nothing in the logs to indicate the source of the problem.

Todd | Last updated: Jul 23, 2021 06:55PM UTC

More details: For Burp Suite I installed burp-jenkins-integration-2021.3-49.hpi plugin (twice) and attempted to create a Build step in a Freestyle project. The options for the Burp scan are offered indicating the plugin installed successfully however nothing happens (no error, just non-responsive) when either option is chosen. I'm afraid I'm not sure what may be happening there. It could be our Jenkins environment is missing some kind of prerequisite component or something to that extent. I could not locate any similar reports online.

James, PortSwigger Agent | Last updated: Jul 26, 2021 08:15AM UTC

Hi Todd,

Thanks for getting in touch. A few things to check:

Which version of Burp Enterprise and Jenkins are you using? The plugin requires Java 9 or above so you would need to ensure Jenkins is using Java 11 for the plugin to work.

Did you add your Jenkins server URL into Settings > Network > Allowed Origins for GraphQL API on your Enterprise server? In the format https://your-jenkins-domain.com:8080

Are there any connection issues between your Enterprise and Jenkins server? Are they on the same network? If not, are the appropriate firewall rules in place? Does your Jenkins server need to communicate with a corporate proxy to reach the internet?

Boris | Last updated: Jul 26, 2021 06:21PM UTC

Hello, Thank you for the response! It appears the issue may indeed be related to the installed Java version. We will review the setup in Jenkins and follow up.

James, PortSwigger Agent | Last updated: Jul 27, 2021 07:55AM UTC

Hi Boris, Thanks for letting us know. Please get in touch if you need any further assistance. Have a good day.

Boris | Last updated: Aug 03, 2021 08:55PM UTC

Hello, Thank you again for your guidance. After upgrading Jenkins to use JDK 11 the Burp Suite plugin is now responsive and can be added as a build action; however, if we select the "Burp Site Driven Scan" and enter the URL along with the API key, the option "The site to be scanned" remains locked and greyed out. We tried a number of setting combinations and verified credentials and permissions but the select box remains locked and greyed out. There are no errors that we noticed anywhere. Please advise us what might be causing this.

James, PortSwigger Agent | Last updated: Aug 04, 2021 08:07AM UTC

Hi Boris,

Thanks for getting back in touch.

For the Burp site driven scan, can you please check you have completed all the steps in the below link?
https://portswigger.net/burp/documentation/enterprise/administration-tasks/ci-cd/jenkins/site-driven

Are there any connection issues between your Enterprise and Jenkins server? Did you configure any necessary firewall rules? Communication will be on port 8080 if you have the default Burp Enterprise port settings.

Are your Burp Enterprise and Jenkins servers on the same network or have you assigned public internet access for the servers? Are you able to test connectivity between the machine with the Enterprise server and the machine with the Jenkins server? e.g. telnet

If you are still having issues please can you email across some screenshots including the Jenkins settings and also your network page and API user configuration page from Burp Enterprise.

support@portswigger.net
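
The checks raised in this thread (Java 9 or above, the Allowed Origins entry, and reachability of the Enterprise server on port 8080) can be scripted from the Jenkins host. This is an added example, not part of the original thread or PortSwigger's tooling; the function names are hypothetical, and it assumes `nc` is installed and that the `java` on the PATH is the one Jenkins runs under.

```sh
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not PortSwigger tooling.

# Print the major Java version found in `java -version` output ($1).
# Handles the legacy "1.8.0_292" scheme (major 8) and the modern "11.0.11" one.
java_major() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    [ -n "$ver" ] || return 1
    case "$ver" in
        1.*) major=${ver#1.}; major=${major%%[!0-9]*} ;;
        *)   major=${ver%%[!0-9]*} ;;
    esac
    [ -n "$major" ] || return 1
    printf '%s\n' "$major"
}

# Succeed only if the version text meets the "Java 9 or above" requirement
# stated in the thread; return 2 when no version could be parsed.
java_ok_for_plugin() {
    major=$(java_major "$1") || return 2
    [ "$major" -ge 9 ]
}

# Reduce a Jenkins URL to scheme://host[:port], the shape of the
# Allowed Origins example given in the thread (no path, no trailing slash).
origin_of() {
    printf '%s\n' "$1" | sed -n 's#^\(https\{0,1\}://[^/]*\).*#\1#p'
}

# TCP reachability check; assumes nc is installed (used here in place of telnet).
tcp_reachable() {
    nc -z -w 5 "$1" "$2" >/dev/null 2>&1
}

# Usage (on the Jenkins host): sh check.sh <enterprise-host> <jenkins-url> [port]
if [ "$#" -ge 2 ]; then
    if java_ok_for_plugin "$(java -version 2>&1)"; then
        echo "Java: 9 or above"
    else
        echo "Java: below 9, or version not found"
    fi
    echo "Allowed Origins entry: $(origin_of "$2")"
    if tcp_reachable "$1" "${3:-8080}"; then
        echo "Port ${3:-8080}: reachable"
    else
        echo "Port ${3:-8080}: not reachable"
    fi
fi
```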