Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Burp does not load url from environment variable in windows

Rajasekar Nov 05, 2019 08:23AM UTC

Hi Team,

I have configured the burp enterprise edition with "jenkins" and i have created a "execute windows batch script" to load the target url for scanning.
Also, i have confgirued the burp scan plugin with below script as scan format:

{"scan_configurations":[{"config":"Crawl strategy-faster, Audit coverage-thorough","type":"CustomConfiguration"}],"scope":{"include":[BURP_SCAN_URL],"type":"SimpleScope"},"urls":[BURP_SCAN_URL]}

If i run build now, it throws the following exception:

Started by user burp
Running as SYSTEM
Building in workspace D:\Jenkins\workspace\burp
[burp] $ cmd /c call C:\WINDOWS\TEMP\jenkins3277262807616599512.bat

D:\Jenkins\workspace\burp>echo BURP_SCAN_URL =

D:\Jenkins\workspace\burp>exit 0
ERROR: Build step failed with exception
net.portswigger.burp.d: on"}],"scope":{"include":[ >>> BURP_ <<< SCAN_URL],
at net.portswigger.burp.api.driver.BurpCiDriver.scan(Unknown Source)
at org.jenkinsci.plugins.burpscan.BurpScanRecorder.perform(
at hudson.tasks.BuildStepMonitor$1.perform(
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(
at hudson.model.Build$
at hudson.model.Build$BuildExecution.doRun(
at hudson.model.AbstractBuild$
at hudson.model.Run.execute(
at hudson.model.ResourceController.execute(
Build step 'Burp scan' marked build as failure
Finished: FAILURE

Kindly help me to resolve this issue

Mike Eaton Nov 05, 2019 02:13PM UTC Support Center agent

Hi, looking at your JSON configuration that you are providing, it appears that it is not valid JSON which is why you are getting an exception. The [BURP_SCAN_URL] values are not valid as they are not in quotation marks.

You don’t need to provide the URL within the scan configuration as the CI driver will automatically use it when you echo it from the BURP_SCAN_URL variable which you have already done. So this section can be removed.

Also, you appear to be providing multiple configuration names in your config property names (Crawl strategy-faster, Audit coverage-thorough) this is not a valid scan configuration as they should be separate objects within the array with their own type property.

Post Your public answer

Your name
Your email address