Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Centre. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTRE DISCORD

Create new post

OpenAPI Parser Identify parameters in URL paths

Aster | Last updated: Jul 19, 2023 09:36AM UTC

Hi, We have a issue that when loading swagger files via swurg extension, "{}" is not recognized as a parameter in burp. The content of file is like: "/api/open/v1/teams/{team_id}/users": { "get": { "summary": "TBD", "tags": [ "Teams::Users" ], "parameters": [ { "name": "team_id", "in": "path", "schema": { "type": "integer", "example": 1 }, "required": true, "description": "TBD" } ] } } However, {team_id} will not be marked as a parameter. I have read the post: https://forum.portswigger.net/thread/auto-marking-parameters-in-url-paths-in-intruder-ba3d7ae7 But still don't know where should I change the code. Is there a more clear or easy way to implement this? Thank you.

Dominyque, PortSwigger Agent | Last updated: Jul 19, 2023 12:30PM UTC

Hi If you are using the Intruder, you can click the 'Add' button to insert the payloads. Let me know if this helps!

Aster | Last updated: Jul 19, 2023 12:34PM UTC

Hi, Is there any way to do this automatically? Cause we would like to use "Do Active Scan" function to scan APIs.

Dominyque, PortSwigger Agent | Last updated: Jul 19, 2023 12:45PM UTC

Hi It can be that the scanner has already been picking up the insertion point. You can have a look at the Logger tab to see if any payloads got placed there. Alternatively, you can look at the Montoya API (https://github.com/PortSwigger/burp-extensions-montoya-api-examples) to add an additional insertion point if you like this to be done automatically.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.