Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

REST API Does Not Set Content-Type Header When Invoking Callback

bryan.burman | Last updated: Jul 10, 2019 01:46PM UTC

When Burp's REST API issues a PUT request to the callback supplied to /scan, Burp does not set the Content-Type header. This causes issues when trying to integrate various tooling, such as ASP.NET Core 2.0. The platform doesn't receive a designated content type and is thus unable to perform content type negotiation. Here's an example of the payload that I receive: PUT / HTTP/1.1 Host: <omitted> Content-Length: 438 Accept-Encoding: gzip {"task_id":"12","scan_status":"crawling","scan_metrics":{"crawl_requests_made":16,"crawl_network_errors":0,"crawl_unique_locations_visited":2,"crawl_requests_queued":0,"audit_queue_items_completed":0,"audit_queue_items_waiting":0,"audit_requests_made":0,"audit_network_errors":0,"issue_events":0,"crawl_and_audit_caption":"Unauthenticated crawl. Estimating time remaining...","crawl_and_audit_progress":-1},"message":"","issue_events":[]}

Rose, PortSwigger Agent | Last updated: Jul 10, 2019 01:47PM UTC

Thanks for your message. Our development team have added this header and it should be available in the next release. Unfortunately, we're not able to provide an ETA on this, but we'll let you know when it is available.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.