Burp REST API - capturing traffic
In my experience, launching an active scan on a valid dataset from Proxy is the best approach. We have regular releases, triggering test packs for changed functionality which can be routed through Burp Suite. So far, we have always manually opened a new Proxy listener, captured traffic, closed it, and run an active scan.
Would it be possible to enhance the REST APIs to be able to start listening on a certain port (ideally with an indication of transparent proxy), then indicate to Burp that it is finished (to close the listening port), so that we can launch the pre-defined active scan on the intercepted data afterwards? With session management, excludes and everything else pre-prepared.
I think it would be a very good addition, and most likely it's in your pipeline, but as far as I know that isn't publicly accessible information, so I can't vote for it in any other way than this :)
Thanks for the suggestion. We do intend to expose more of Burp’s functionality through the REST API, and when we do that, this use case will be supported.