Burp Suite User Forum

Start an active scan with insertion points via the REST API

Nishant | Last updated: Mar 11, 2021 08:01AM UTC

Hi, is there a way to start an active scan with payload offsets (like we do using the Intruder's scan defined insertion points GUI context menu) via the REST API, i.e. submitting an HTTP request with insertion points via the REST API instead of a URL? This would help us automate the regression of known vulnerabilities (reported via other channels like manual pentesting, red-team or bug-bounty etc.) instead of having to crawl and/or scan all parameters with all vulnerabilities to reduce scan time and accuracy.

Hannah, PortSwigger Agent | Last updated: Mar 12, 2021 11:22AM UTC

Unfortunately, the REST API can only trigger a full crawl and audit, and you are unable to specify payload offsets.

You may be interested in looking into the Extender API - you can use IBurpExtenderCallbacks.doActiveScan() to specify payload offsets. You can find out more about writing extensions and the Extender API here:

- https://portswigger.net/burp/extender
- https://portswigger.net/burp/extender/api/

If you're interested in automated repeated scanning of web applications, you may be interested in our Enterprise edition. You can find out more and request a free trial here: https://portswigger.net/burp/enterprise
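The Extender API route suggested in the reply above, as an added example that is not part of the original thread and not PortSwigger's code: a legacy-API extension that strips Intruder-style § markers from a request template, records the marked ranges, and queues an active scan of only those positions with doActiveScan(). The host, port, request, extension name and marker convention are constructed, and the end offset is assumed to be exclusive, as with IParameter.getValueEnd().

```java
package burp;

import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class BurpExtender implements IBurpExtender {
    private static final char MARKER = '\u00a7'; // the § character, as used by Intruder

    // Constructed sample: one previously reported parameter, value wrapped in markers.
    private static final String HOST = "app.example.test";
    private static final String TEMPLATE =
        "GET /search?q=\u00a7test\u00a7&page=1 HTTP/1.1\r\n"
        + "Host: " + HOST + "\r\n"
        + "Connection: close\r\n\r\n";

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        callbacks.setExtensionName("Regression scan (example)");
        List<int[]> offsets = new ArrayList<>();
        byte[] request = stripMarkers(TEMPLATE, offsets);
        // Audit only the marked ranges instead of every parameter in the request.
        IScanQueueItem item = callbacks.doActiveScan(HOST, 443, true, request, offsets);
        callbacks.printOutput("Queued " + offsets.size()
            + " insertion point(s), status: " + item.getStatus());
    }

    // Removes the markers and appends one {start, end} pair per marked range.
    // Offsets index into the marker-free request; ISO-8859-1 keeps one char
    // equal to one byte, so char positions are also byte offsets.
    static byte[] stripMarkers(String template, List<int[]> offsets) {
        StringBuilder raw = new StringBuilder();
        int open = -1; // start of the currently open range, or -1 if none
        for (int i = 0; i < template.length(); i++) {
            char c = template.charAt(i);
            if (c != MARKER) {
                raw.append(c);
            } else if (open < 0) {
                open = raw.length();
            } else {
                offsets.add(new int[] { open, raw.length() }); // end assumed exclusive
                open = -1;
            }
        }
        if (open >= 0) {
            throw new IllegalArgumentException("unbalanced insertion point marker");
        }
        return raw.toString().getBytes(StandardCharsets.ISO_8859_1);
    }
}
```

For templates with a marked request body, recompute Content-Length from the marker-free body before queuing the scan.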