Burp Suite User Forum

Login to post


Will | Last updated: Apr 22, 2021 09:22PM UTC

Hey Burp Team, having some issues with how the Burp Suite Enterprise Edition REST API functions. Right now, starting a scan only requires a list of URLs to be scanned. However, my team sets up the site in BSEE either through the dashboard or using the GraphQL API endpoint. To have the REST API match the preconfigured site, the list of URLs and the site name must be exactly the same in the request as in the dashboard. If they do not match, the scan can either be run without proper configuration or return a HTTP 500 error, which can be handled. This presents a problem when dealing with sites that have a large amount of URLs needing to be scanned, which leads to extremely large request bodies or misconfigured URL lists. Is there a roadmap to have the REST API endpoint optionally use the site ID to request a new scan? Or move that functionality to the GraphQL API, which already leans into the ID functionality? Thanks!

Liam, PortSwigger Agent | Last updated: Apr 23, 2021 10:18AM UTC

William, we think you should be able to perform everything that you want using GraphQL. Run a new scan: mutation CreateScheduleItem { create_schedule_item(input: {site_id: "2"}) { schedule_item { id } } } https://portswigger.net/burp/extensibility/enterprise/graphql-api/ScheduleItem.html

You need to Log in to post a reply. Or register here, for free.