Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

scan ID from POST response

asdf | Last updated: Jun 24, 2020 03:30PM UTC

I'm initiating a scan using Burp POST REST API (curl -vgw "\n" -X POST 'http:burpURL' -d '{"urls":[targetURL]}'), I see even number (scan / task_id) as a part of HTTP response location header but if I initiate a scan using GraphQL API (mutation Schedule {create_schedule_item...}), I see odd number (and wrong scan id) in JSON response. Why is it different and how can I use the scan ID to perform further action like GetScanReport or Delta

Hannah, PortSwigger Agent | Last updated: Jun 25, 2020 06:45AM UTC

With the GraphQL API there isn't a one to one correspondence between schedule items and scans, you can schedule recurring scans, and the first scan does not have to run immediately. The returned ID is the ID of the schedule item, not the ID of the first scan (which we may not have given an ID to yet). The IDs for scans and schedule items come from the same pool, hence the odd/even thing if you only ever create one scan per schedule. The graphQL API is more flexible, but less convenient for the use case of running a single scan as you need to poll to get the results of a scan when it's complete.

Attila | Last updated: Sep 07, 2020 12:58PM UTC

And how can I get the ID of the scan in order to get the result of the scheduled scan?

Michelle, PortSwigger Agent | Last updated: Sep 08, 2020 10:06AM UTC

Hi Are you looking to find the scan id after having created a scan using the create_schedule_item via the GraphQl API?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.