Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Burp REST API - capturing traffic

Andrej Simko Sep 26, 2018 11:04AM UTC

Hi,
in my experience, launching an active scan on valid dataset from Proxy is the best approach. We have regular releases, triggering test packs for changed functionality which can be routed through Burp Suite. So far, we always opened manually new Proxy listener, captured traffic, closed it, and ran active scan.

Would it be possible, to enhance the REST APIs to be able to start listening on certain port (ideally with indication of transparent proxy); then indicate to Burp that it is finished (to close the listening port); so that we can launch the pre-defined active scan on intercepted data afterwards? With session management, excludes and everything else pre-prepared.

I think it would be a very good addition, and most likely it's in your pipeline, but as far as I know that isn't a publicly accessible information so I can't vote for it in other way, as this:)


Paul Johnston Sep 27, 2018 09:08AM UTC Support Center agent

Thanks for the suggestion. We do intend to expose more of Burp’s functionality through the REST API, and when we do that, this use case will be supported.


Post Your public answer

Your name
Your email address
Answer