Burp Suite User Forum

Create new post

Montoya API Documentation is not inline with the Montoya test extension

Adrian | Last updated: Dec 22, 2023 09:44AM UTC

Dear all, I am looking to the Montoya test extension from here: https://raw.githubusercontent.com/PortSwigger/burp-extensions-montoya-api/d86f875647ae35ad3647afbc13090f59c5120c8e/api/src/test/java/burp/api/montoya/TestExtension.java In the example the way to trigger a passive scan is something like: Scan scan = scanner.createScan(); scan.addRequestResponse(httpRequestResponse); scan.addConfiguration(PASSIVE_AUDIT_CHECKS); Audit audit = scan.startAudit(); The scanner is an implemetnation of burp.api.montoya.scanner.Scanner Now, looking to the Scanner JavaDoc (https://portswigger.github.io/burp-extensions-montoya-api/javadoc/burp/api/montoya/scanner/Scanner.html) I see no "createScan" method ans no Scan class or interface either. The question is how do trigger a passive or an active scanner from the Montoya API. thx, Adrian

Michelle, PortSwigger Agent | Last updated: Dec 22, 2023 12:04PM UTC

Hi I've just been trying to find that specific example. It's possible you may be looking at an old version. The current examples can be found here: https://github.com/PortSwigger/burp-extensions-montoya-api-examples The options for customizing a scan are limited. The following would achieve the same as right-clicking and choosing 'Do active scan' and would audit one item: Scan scan = api.scanner().createScan(); scan.addRequest(HttpRequest.httpRequestFromUrl("https://ginandjuice.shop/catalog/product/stock")); scan.addConfiguration(BuiltInScanConfiguration.ACTIVE_AUDIT_CHECKS); scan.startAudit(); I hope this helps as a starting point.

Adrian | Last updated: Dec 22, 2023 01:31PM UTC

Michel, Thank you for the resposne. It does not really help. In the Scanner interface there is no "createScan" method; see https://portswigger.github.io/burp-extensions-montoya-api/javadoc/burp/api/montoya/scanner/Scanner.html How can create a Scan using the Montoya API ? There is not even a Scan class in the official API. And BTW the code example is straight from the official documentation: https://portswigger.net/burp/documentation/desktop/extensions

Michelle, PortSwigger Agent | Last updated: Dec 22, 2023 01:43PM UTC

Hi I'm afraid you seem to have found a link that has taken you to some old documentation. Can you confirm how you found his specific example after going to https://portswigger.net/burp/documentation/desktop/extensions so we can get this updated, please? You might find some examples that are closer to what you need if you take a look through things people have created for our BApp Store: https://portswigger.net/bappstore The code for all of these can be viewed on GitHub: https://github.com/portswigger I hope this helps.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.