Burp Suite User Forum


Use of multiple URLs with plugin: Burp Scan

Govind | Last updated: Aug 22, 2019 12:53PM UTC

Hello Team,

We are using Jenkins for Continuous Integration of Burp Enterprise. We are using the 'Burp Scan' plugin in the Build section of Jenkins Freestyle Project job creation. When scanning the web application in Burp Enterprise we are able to put 2 URLs in for the scan. Could you please let us know how to use 2 or more URLs in the Jenkins plugin?

Thanks,
Govind

Liam, PortSwigger Agent | Last updated: Aug 22, 2019 12:56PM UTC

Hi Govind,

Thanks for your message. You can add additional URLs by echoing BURP_SCAN_URL.

Please let us know if you need any further assistance.

Burp User | Last updated: Aug 26, 2019 07:20AM UTC

I know we can add a URL by using the option: echoing BURP_SCAN_URL. I want to add 2 URLs in 1 job. Here are the URLs that I want to add; please suggest how that will work.

First URL: https://eamsso.inside.ams1907.com/pub/eam/login.fcc?TYPE=33554433&REALMOID=06-ce399f48-fb0c-4c23-a8f0-353ac90890b0&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-fcutVSTREgezzIIP7A65Xef122oUQ9jiZeJ0jdjaCj%252bCgg%252bZfU2z7G2vW02eiISg7wEEyJU9TiaCFuD%252bCUYYWVn5s%252bIJci1h&TARGET=-SM-https%253a%252f%252fetsweb16.inside.ams1907.com%252f

Second URL: https://etsweb16.inside.ams1907.com/

Thanks,
Govind

Mike, PortSwigger Agent | Last updated: Aug 27, 2019 01:32PM UTC

Hi Govind,

You can add additional URLs by using multiple 'echo BURP_SCAN_URL' lines with your required URLs in the command input area of the Jenkins plugin. We have a blog post which provides information on how to set up different CI integrations with Burp Suite: https://portswigger.net/blog/enterprise-edition-ci-integration

Please let us know if you need any further assistance.

Burp User | Last updated: Sep 26, 2019 10:57AM UTC

Hello Mike,

I am using these two URLs:

https://eamsso.inside.ams1907.com/pub/eam/login.fcc?TYPE=33554433&REALMOID=06-ce399f48-fb0c-4c23-a8f0-353ac90890b0&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=07wTM93aLmTImU5njct6SljwjA5IZlvlEORweURL11bksRhluJw3j45WO2NAjD2mqHUYd0sdJM9Y7R4dosXrIxL23bIP0q5n&TARGET=-SM-https%253a%252f%252fbcc16.inside.ams1907.com%252f
https://bcc16.inside.ams1907.com/home/dashboard

However, Jenkins is giving this error, see console output. Suggest how to overcome this.

Jenkins Console:

Started by user XYZ
Building remotely on UFT_EntAutomation_N1 (uft-ent-n1) in workspace C:\Program Files\Jenkins\UFT_EntAutomation_N1\workspace\jenkinsmaster-5\ENT\EntAutomation\Burp_Suite_Jobs\bcc_2_url
[bcc_2_url] $ cmd /c call C:\WINDOWS\TEMP\jenkins7420068844356514790.bat

C:\Program Files\Jenkins\UFT_EntAutomation_N1\workspace\jenkinsmaster-5\ENT\EntAutomation\Burp_Suite_Jobs\bcc_2_url>echo BURP_SCAN_URL=https://eamsso.inside.ams1907.com/pub/eam/login.fcc?TYPE=33554433 & REALMOID=06-ce399f48-fb0c-4c23-a8f0-353ac90890b0 & GUID= & SMAUTHREASON=0 & METHOD=GET & SMAGENTNAME=07wTM93aLmTImU5njct6SljwjA5IZlvlEORweURL11bksRhluJw3j45WO2NAjD2mqHUYd0sdJM9Y7R4dosXrIxL23bIP0q5n & TARGET=-SM-https53a52f52fbcc16.inside.ams1907.com52f
BURP_SCAN_URL=https://eamsso.inside.ams1907.com/pub/eam/login.fcc?TYPE=33554433
'REALMOID' is not recognized as an internal or external command, operable program or batch file.
'GUID' is not recognized as an internal or external command, operable program or batch file.
'SMAUTHREASON' is not recognized as an internal or external command, operable program or batch file.
'METHOD' is not recognized as an internal or external command, operable program or batch file.
'SMAGENTNAME' is not recognized as an internal or external command, operable program or batch file.
'TARGET' is not recognized as an internal or external command, operable program or batch file.

C:\Program Files\Jenkins\UFT_EntAutomation_N1\workspace\jenkinsmaster-5\ENT\EntAutomation\Burp_Suite_Jobs\bcc_2_url>echo BURP_SCAN_URL=https://bcc16.inside.ams1907.com/home/dashboard
BURP_SCAN_URL=https://bcc16.inside.ams1907.com/home/dashboard

C:\Program Files\Jenkins\UFT_EntAutomation_N1\workspace\jenkinsmaster-5\ENT\EntAutomation\Burp_Suite_Jobs\bcc_2_url>exit 9009
Build step 'Execute Windows batch command' marked build as failure
Finished: FAILURE

Mike, PortSwigger Agent | Last updated: Sep 26, 2019 12:14PM UTC

Hi Govind,

Looking at the output from your command, it appears that Windows thinks your URLs are individual commands. This can be resolved by placing your URLs in quotation marks, e.g. 'example.org'. If you could try adding those to your URLs and trying again it should resolve your issue.

Please let us know if you need any further assistance.
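Added example, not part of the thread and not PortSwigger's code: in a batch file, cmd.exe splits an unquoted line at `&` and expands `%2` as a batch parameter, which is why the console output above shows `%253a` reduced to `53a`. The Python helper below generates `echo BURP_SCAN_URL=` lines with `&` caret-escaped and `%` doubled, and flags lines that still carry unescaped metacharacters. The function names and the example.org URL are constructed for illustration, and delayed expansion is assumed to be off (the cmd default).

```python
import re

# Constructed sample URL (not from the thread): "&" separators and a
# double-encoded TARGET parameter, the two things cmd.exe mangled above.
SAMPLE_URL = ("https://sso.example.org/login?TYPE=1&GUID="
              "&TARGET=-SM-https%253a%252f%252fapp.example.org%252f")

CARET_ESCAPED = "^&|<>()"  # special to cmd.exe on an unquoted line


def escape_for_batch_echo(url):
    """Escape a URL for use after `echo NAME=` inside a .bat file."""
    # Whitespace, CR/LF or a double quote would change how cmd parses the
    # line (a newline starts a new command), so refuse them outright.
    if re.search(r'[\s"\x00-\x1f]', url):
        raise ValueError("percent-encode whitespace, quotes and control chars")
    out = []
    for ch in url:
        if ch == "%":
            out.append("%%")       # %% yields a literal % in a batch file
        elif ch in CARET_ESCAPED:
            out.append("^" + ch)   # ^ removes the character's special meaning
        else:
            out.append(ch)
    return "".join(out)


def batch_step(urls):
    """Build the text for a Jenkins 'Execute Windows batch command' step."""
    return "\r\n".join("echo BURP_SCAN_URL=" + escape_for_batch_echo(u)
                       for u in urls)


def unescaped_metachars(line):
    """Return (index, char) for each metacharacter cmd.exe would act on."""
    findings, i = [], 0
    while i < len(line):
        ch = line[i]
        if ch == "^" and i + 1 < len(line):
            i += 2                 # caret plus the character it escapes
            continue
        if ch == "%" and line[i + 1:i + 2] == "%":
            i += 2                 # doubled percent is already literal
            continue
        if ch in "%&|<>":
            findings.append((i, ch))
        i += 1
    return findings


if __name__ == "__main__":
    print(batch_step([SAMPLE_URL, "https://app.example.org/"]))
```

Running `unescaped_metachars` over the raw `echo` line from a job definition before saving it shows which characters would be consumed by cmd.exe instead of being echoed.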

Burp User | Last updated: Sep 27, 2019 10:31AM UTC

Hello Mike,

Thanks for your reply. I did as suggested by you. The job ran but it's not available in Burp Enterprise; this might be because the URL from Jenkins does not match those in Enterprise. Please let me know what change I need to make so that the job triggered by Jenkins is available in Enterprise. Please note that when the URL in the Jenkins job matches the URL in Burp Enterprise, then it shows the scanning in Enterprise.

Console Logs:

Started by user Dasari Rakesh (CVC8DZC)
Building remotely on UFT_EntAutomation_N1 (uft-ent-n1) in workspace C:\Program Files\Jenkins\UFT_EntAutomation_N1\workspace\jenkinsmaster-5\ENT\EntAutomation\Burp_Suite_Jobs\bcc_2_url
[bcc_2_url] $ cmd /c call C:\WINDOWS\TEMP\jenkins3841756890656405065.bat

C:\Program Files\Jenkins\UFT_EntAutomation_N1\workspace\jenkinsmaster-5\ENT\EntAutomation\Burp_Suite_Jobs\bcc_2_url>echo BURP_SCAN_URL=https://eamsso.inside.ams1907.com/pub/eam/login.fcc?TYPE=33554433'REALMOID=06-ce399f48-fb0c-4c23-a8f0-353ac90890b0''GUID=''SMAUTHREASON=0''METHOD=GET''SMAGENTNAME=07wTM93aLmTImU5njct6SljwjA5IZlvlEORweURL11bksRhluJw3j45WO2NAjD2mqHUYd0sdJM9Y7R4dosXrIxL23bIP0q5n''TARGET=-SM-https53a52f52fbcc16.inside.ams1907.com52f'
BURP_SCAN_URL=https://eamsso.inside.ams1907.com/pub/eam/login.fcc?TYPE=33554433'REALMOID=06-ce399f48-fb0c-4c23-a8f0-353ac90890b0''GUID=''SMAUTHREASON=0''METHOD=GET''SMAGENTNAME=07wTM93aLmTImU5njct6SljwjA5IZlvlEORweURL11bksRhluJw3j45WO2NAjD2mqHUYd0sdJM9Y7R4dosXrIxL23bIP0q5n''TARGET=-SM-https53a52f52fbcc16.inside.ams1907.com52f'

C:\Program Files\Jenkins\UFT_EntAutomation_N1\workspace\jenkinsmaster-5\ENT\EntAutomation\Burp_Suite_Jobs\bcc_2_url>echo BURP_SCAN_URL=https://bcc16.inside.ams1907.com/home/dashboard
BURP_SCAN_URL=https://bcc16.inside.ams1907.com/home/dashboard

C:\Program Files\Jenkins\UFT_EntAutomation_N1\workspace\jenkinsmaster-5\ENT\EntAutomation\Burp_Suite_Jobs\bcc_2_url>exit 0
BURP_SCAN_STATUS: initializing
BURP_SCAN_STATUS: crawling
BURP_SCAN_STATUS: auditing
BURP_SCAN_STATUS: succeeded
BURP_SCAN_SUMMARY: requests made: 13270, network errors: 14
Finished: SUCCESS

Mike, PortSwigger Agent | Last updated: Sep 27, 2019 10:55AM UTC

Hi Govind,

From the information provided, it looks like your scan succeeded; however, it could be the permissions that your account has in Enterprise that are preventing you from seeing the scan results. You should contact your system administrator to review your permissions; that should resolve your issue. If not, we can help diagnose further from there.

Please let us know if you need any further assistance.

Burp User | Last updated: Sep 30, 2019 02:41PM UTC

Hello Mike,

If I scan an application with a URL having limited options (without use of ' (single quote)) then the Jenkins job scan is available in Enterprise. If the URL used for scanning contains multiple options by using ' (single quote) then those jobs are not available in Enterprise. Please let me know how I can share the job details. The URLs under test are available in the UPS network only.

Thanks,
Govind

Mike, PortSwigger Agent | Last updated: Oct 01, 2019 09:31AM UTC

Hi Govind, Can you provide an example of the URL parameter you are attempting to parse into the Jenkins plugin for Burp Suite Enterprise?

Burp User | Last updated: Oct 01, 2019 11:57AM UTC

Hello Mike,

We are using this URL for scanning: https://eamsso.inside.ams1907.com/pub/eam/login.fcc?TYPE=33554433&REALMOID=06-ce399f48-fb0c-4c23-a8f0-353ac90890b0&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=07wTM93aLmTImU5njct6Sl jwjA5IZlvlEORweURL11bksRhluJw3j45WO2NAjD2mqHUYd0sdJM9Y7R4dosXrIxL23bIP0q5n&TARGET=-SM-https%253a%252f%252fbcc16.inside.ams1907.com%252f

Please let me know the solution to use this URL in the Jenkins job so that the scan is available in Enterprise Burp.

Thanks,
Govind

Liam, PortSwigger Agent | Last updated: Oct 02, 2019 09:47AM UTC

Hi Govind,

Have you checked the box for "Display sites generated by the API:" in the Sites and Scan data settings? Have you checked the Enterprise Site Tree to locate the URL you are scanning?

Burp User | Last updated: Oct 02, 2019 05:59PM UTC

Hello Liam,

Thanks, could you please provide the screenshot for these settings as I don't have access to the settings. I need to request the admin of Burp Enterprise.

Thanks,
Govind

Liam, PortSwigger Agent | Last updated: Oct 03, 2019 10:58AM UTC

Govind, we can't send screenshots via the forum. Could you email us with this request to support@portswigger.net? Thanks.
