
Burp Suite Automation

Alapan Oct 31, 2019 06:10AM UTC

I am trying to automate an API scan using Burp Suite Pro. I am planning to initiate scans through the REST API and fetch the report through headless Burp, as the API returns a JSON response and I need a user-friendly HTML report. How do I go about doing that? Are there any easier approaches? And how do I automate authentication via Bearer token through an external link and add the token to the requests?


Ben Wright Nov 01, 2019 01:36PM UTC Support Center agent

Hi,

Unfortunately, the REST API only returns scan information in the JSON format. The full HTML reports are currently only generated in the Burp GUI. We do have a request in our development backlog to enhance the REST API reporting functionality but we cannot provide an ETA of when/if this will be implemented. Having said that, have you looked into any of the Burp Extensions that are currently available on our BApp store (these are user-written extensions that extend some of Burp's capabilities)? The Carbonator extension sounds like it might give you some of the functionality that you require.

You would be able to create a Macro within Burp that will obtain a Bearer token and add it to requests. The following links provide some details of how people have achieved this previously:

https://medium.com/leveraging-information-security-tools/refreshing-bearer-token-automatically-in-burp-and-zap-for-rest-apis-693bc8de3dee

https://www.foregenix.com/blog/testing-problematic-authorisation-tokens-with-burp

In addition, the Add Custom Header extension also looks like it might work for your requirements.

Please let us know if you need any further assistance.
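
For the JSON-to-HTML step discussed in this thread, here is an added example (not part of the original posts and not PortSwigger code) that renders scan JSON as an HTML table, escaping every scanner-supplied value so a reflected payload in an issue path cannot execute in the report. The field names `scan_status`, `issue_events`, `type` and `issue`, and the sample data, are assumptions; adjust them to the JSON your Burp version returns.

```python
import html
import json

# Constructed sample shaped like a scan-status document; field names are assumptions.
SAMPLE_SCAN_JSON = json.dumps({
    "scan_status": "succeeded",
    "issue_events": [
        {"type": "issue_found", "issue": {
            "name": "Strict transport security not enforced", "severity": "low",
            "confidence": "certain", "origin": "https://api.example.test",
            "path": "/"}},
        {"type": "issue_found", "issue": {
            "name": "Cross-site scripting (reflected)", "severity": "high",
            "confidence": "certain", "origin": "https://api.example.test",
            "path": "/v1/search?q=<script>alert(1)</script>"}},
    ],
})

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def extract_issues(scan_json):
    """Return the issue dicts from the scan JSON, most severe first."""
    doc = json.loads(scan_json)
    issues = [e["issue"] for e in doc.get("issue_events", [])
              if e.get("type") == "issue_found" and "issue" in e]
    return sorted(issues, key=lambda i: SEVERITY_ORDER.get(
        str(i.get("severity", "")).lower(), 99))


def render_report(scan_json):
    """Build a standalone HTML report; all scanner-supplied text is escaped."""
    doc = json.loads(scan_json)
    rows = []
    for issue in extract_issues(scan_json):
        cells = [issue.get("severity", ""), issue.get("confidence", ""),
                 issue.get("name", ""),
                 issue.get("origin", "") + issue.get("path", "")]
        rows.append("<tr>" + "".join(
            f"<td>{html.escape(str(c))}</td>" for c in cells) + "</tr>")
    status = html.escape(str(doc.get("scan_status", "unknown")))
    return ("<!DOCTYPE html><html><head><meta charset='utf-8'>"
            "<title>Scan report</title></head><body>"
            f"<h1>Scan report</h1><p>Status: {status}</p>"
            "<table border='1'><tr><th>Severity</th><th>Confidence</th>"
            "<th>Issue</th><th>Location</th></tr>"
            + "".join(rows) + "</table></body></html>")


if __name__ == "__main__":
    print(render_report(SAMPLE_SCAN_JSON))
```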

