Burp Suite User Forum

Login to post

REST API Does Not Set Content-Type Header When Invoking Callback

bryan.burman | Last updated: Jul 10, 2019 01:46PM UTC

When Burp's REST API issues a PUT request to the callback supplied to /scan, Burp does not set the Content-Type header. This causes issues when trying to integrate various tooling, such as ASP.NET Core 2.0. The platform doesn't receive a designated content type and is thus unable to perform content type negotiation. Here's an example of the payload that I receive: PUT / HTTP/1.1 Host: <omitted> Content-Length: 438 Accept-Encoding: gzip {"task_id":"12","scan_status":"crawling","scan_metrics":{"crawl_requests_made":16,"crawl_network_errors":0,"crawl_unique_locations_visited":2,"crawl_requests_queued":0,"audit_queue_items_completed":0,"audit_queue_items_waiting":0,"audit_requests_made":0,"audit_network_errors":0,"issue_events":0,"crawl_and_audit_caption":"Unauthenticated crawl. Estimating time remaining...","crawl_and_audit_progress":-1},"message":"","issue_events":[]}

Rose, PortSwigger Agent | Last updated: Jul 10, 2019 01:47PM UTC

Thanks for your message. Our development team have added this header and it should be available in the next release. Unfortunately, we're not able to provide an ETA on this, but we'll let you know when it is available.

You need to Log in to post a reply. Or register here, for free.