Burp Suite User Forum

Create new post

OpenAPI Parser Identify parameters in URL paths

Aster | Last updated: Jul 19, 2023 09:36AM UTC

Hi, We have a issue that when loading swagger files via swurg extension, "{}" is not recognized as a parameter in burp. The content of file is like: "/api/open/v1/teams/{team_id}/users": { "get": { "summary": "TBD", "tags": [ "Teams::Users" ], "parameters": [ { "name": "team_id", "in": "path", "schema": { "type": "integer", "example": 1 }, "required": true, "description": "TBD" } ] } } However, {team_id} will not be marked as a parameter. I have read the post: https://forum.portswigger.net/thread/auto-marking-parameters-in-url-paths-in-intruder-ba3d7ae7 But still don't know where should I change the code. Is there a more clear or easy way to implement this? Thank you.

Dominyque, PortSwigger Agent | Last updated: Jul 19, 2023 12:30PM UTC

Hi If you are using the Intruder, you can click the 'Add' button to insert the payloads. Let me know if this helps!

Aster | Last updated: Jul 19, 2023 12:34PM UTC

Hi, Is there any way to do this automatically? Cause we would like to use "Do Active Scan" function to scan APIs.

Dominyque, PortSwigger Agent | Last updated: Jul 19, 2023 12:45PM UTC

Hi It can be that the scanner has already been picking up the insertion point. You can have a look at the Logger tab to see if any payloads got placed there. Alternatively, you can look at the Montoya API (https://github.com/PortSwigger/burp-extensions-montoya-api-examples) to add an additional insertion point if you like this to be done automatically.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.