Scanning REST APIs with Burp Enterprise

Al | Last updated: Dec 19, 2018 07:28PM UTC

We regularly scan RESTful APIs using Burp Suite Professional together with Postman. Once we have navigated all of the API's endpoints with Postman, we unleash the Burp scan. As long as the API endpoints don't change, we run Burp periodically and manually using the same sitemap. We would like to know if there is a way to feed a Burp Suite Professional project into Burp Enterprise, in order to run these scans automatically. Thanks.

PortSwigger Agent | Last updated: Dec 20, 2018 09:52AM UTC

Unfortunately this is not possible at present. I agree this would be a useful feature. We are going to look at ways we could do this in future. However, that's likely to be a little way out; certainly after Burp Enterprise comes out of beta.

Liam, PortSwigger Agent | Last updated: Nov 20, 2020 08:25AM UTC

The latest release of Burp Scanner includes a feature to scan both JSON and YAML-based API definitions for vulnerabilities.

- https://portswigger.net/burp/releases/professional-community-2020-11?requestededition=professional
- https://portswigger.net/burp/documentation/desktop/scanning/api-scanning

