Burp Suite User Forum

Login to post

Scanning a site with basic authorization (Burp suite enterprise Rest API)

Andrii | Last updated: May 30, 2019 07:53AM UTC

Hello. I want to scan sites where basic authorization is installed. What tokens can I use in building a curl request for basic authorization? curl -vgw "\n" -X POST 'http://burp.link.to.rest.api/v0.1/scan' -d '{ (???basic auth???) "scan_configurations":[{"name":"Audit checks - all except Java ....... Thank You! Regards.

Liam, PortSwigger Agent | Last updated: May 30, 2019 03:36PM UTC

Have you tried setting and saving Burp's platform authentication settings to a User options configuration file: - https://support.portswigger.net/customer/portal/articles/2927576-configuring-ntlm-with-burp-suite Then loading the config file when you start Burp: - https://support.portswigger.net/customer/portal/articles/2928360-using-burp-s-command-line-arguments

Burp User | Last updated: May 30, 2019 03:47PM UTC

Ok.. And how to do it in the curl request on command line? I use Rest API (Burp Enterprise) from web interface. Than You! Kind regards.

Liam, PortSwigger Agent | Last updated: May 31, 2019 11:03AM UTC

You need to export the working custom configuration then add it to your command using the toolkit. We've sent a screenshot to your email.

Burp User | Last updated: Jun 03, 2019 02:44PM UTC

This method work in RestAPI from port 1337 (created task in Burp Professional (program)) but not working in Rest API (web-version). I have error 401 error in web-serwer logs.

PortSwigger Agent | Last updated: Jun 03, 2019 02:55PM UTC

Hi Andrii, Thanks for following up. 401 means "unauthorized" so indicates there's some problem with the API token you used. To use the Burp Enterprise REST API you need to create a user in the Team screen, with an API key and appropriate permissions. When you do this, you get a popup dialog with the API URL to use. We will email you a screenshot of this.

You need to Log in to post a reply. Or register here, for free.