Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

scan ID from POST response

asdf | Last updated: Jun 24, 2020 03:30PM UTC

I'm initiating a scan using Burp POST REST API (curl -vgw "\n" -X POST 'http:burpURL' -d '{"urls":[targetURL]}'), I see even number (scan / task_id) as a part of HTTP response location header but if I initiate a scan using GraphQL API (mutation Schedule {create_schedule_item...}), I see odd number (and wrong scan id) in JSON response. Why is it different and how can I use the scan ID to perform further action like GetScanReport or Delta

Hannah, PortSwigger Agent | Last updated: Jun 25, 2020 06:45AM UTC

With the GraphQL API there isn't a one to one correspondence between schedule items and scans, you can schedule recurring scans, and the first scan does not have to run immediately. The returned ID is the ID of the schedule item, not the ID of the first scan (which we may not have given an ID to yet). The IDs for scans and schedule items come from the same pool, hence the odd/even thing if you only ever create one scan per schedule. The graphQL API is more flexible, but less convenient for the use case of running a single scan as you need to poll to get the results of a scan when it's complete.

Attila | Last updated: Sep 07, 2020 12:58PM UTC

And how can I get the ID of the scan in order to get the result of the scheduled scan?

Michelle, PortSwigger Agent | Last updated: Sep 08, 2020 10:06AM UTC