Burp Suite User Forum

Create new post

problem with API scanning

Eric | Last updated: Mar 14, 2023 05:47PM UTC

Hello, I would like to scan APIs with Burp Suite. I want to scan it with Burp Suite professional first. I tried hosting my OpenAPI specs at http://127.0.0.1/api_specs.json. And I add the URLs https://(my target site) and http://127.0.0.1/api_specs.json to the "Included URLs" section of the site configuration but it didn't work. Burp Suite Professional still can't crawl the API endpoint on my target site. Could it be possible to have some help with that?

Michelle, PortSwigger Agent | Last updated: Mar 15, 2023 10:27AM UTC

Hi Does the API definition match the OpenAPI version 3.x.x specification? https://portswigger.net/burp/documentation/scanner/scanning-apis If it does, can you please email support@portswigger.net with a few more details about your scan setup and the behavior you are seeing?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.