
REST API. Get scan status after Burp restart: Task ID not found

Oleksii Nov 20, 2019 03:03PM UTC

Burp Suite Pro version: 2.1.05;

Steps to reproduce:

1. Start Burp Suite Pro;
2. Launch new scan, using REST API, i.e. do HTTP POST scan configuration to http://127.0.0.1:1337/$apiKey/v0.1/scan;
3. Poll scan status with HTTP GET http://127.0.0.1:1337/$apiKey/v0.1/scan/$taskID;
4. Stop Burp Suite;
5. Launch Burp Suite again with --unpause-spider-and-scanner command line option;
6. Scan status poll fails with HTTP 400: {"type":"ClientError","error":"Task ID not found"}

Expected behavior: Burp Suite stores taskID in project file/temporary directory and allows polling scan status even after Burp Suite restart.


Liam Tai-Hogan Nov 20, 2019 03:54PM UTC Support Center agent

You should be able to find the Task ID in the “location” header.

Please let us know if you need any further assistance.


Liam Tai-Hogan Nov 20, 2019 03:55PM UTC Support Center agent

To view the task_id of an item, you can:

1) Note the value of the location header that is returned when you start the scan.

2) Look at the Burp Dashboard tab.

3) Configure a callback URL and note the task_id in the body of the request.


Oleksii Nov 20, 2019 04:26PM UTC
I know where to find task ID, but the report isn't about it. Say, you received a response to POST request and saved task ID from 'Location' HTTP header, then you can perform HTTP GET requests with this task ID to obtain scan status and all works just fine until...
After Burp Suite restart you will not be able to poll scan status because Burp Suite responds with HTTP 400: {"type":"ClientError","error":"Task ID not found"} whatever you give it as a task ID.
Read my steps to reproduce carefully, please.

sasha k Nov 21, 2019 01:32AM UTC
Dear Support,

This issue has a significant impact on the way we are trying to utilize Burp Pro 2.x via API.

In our case, some targets we test are not available 24x7, so we have to deal with suspending the scan & audit and resuming it later.

However, doing that via API does not work as the TaskID is not recognized by Burp Pro after the restart.

Please advise.
Thanks, Alex.

Liam Tai-Hogan Nov 25, 2019 03:22PM UTC Support Center agent

Sasha, we reproduced the behavior you are having an issue with.

We’ll discuss this with the appropriate product team and get back to you.


sasha k Nov 25, 2019 07:59PM UTC
It's great news, Liam, thank you!

Please keep me posted or let me know otherwise what we can do to get the fix for this behavior prioritized/expedited.

Sasha.

Michelle Gillian Nov 26, 2019 02:25PM UTC Support Center agent

Hi

We’ve raised this as a bug with our product team, we don’t have an ETA for the fix as yet.
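
Added example, not part of the thread and not PortSwigger's code: a Python poller that recognises the exact `Task ID not found` response reported above, so scan automation can tell a task lost across a Burp restart from other failures. The Location parsing, the injectable `opener` parameter and the `next_action` policy are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.request

BASE = "http://127.0.0.1:1337"  # listener address from the steps to reproduce


def task_id_from_location(location):
    """Assumption: the task ID is the last path segment of the Location value."""
    return location.rstrip("/").rsplit("/", 1)[-1]


def classify_poll(status, body):
    """Map one GET /v0.1/scan/$taskID result to 'ok', 'task_lost' or 'error'."""
    if status == 200:
        return "ok"
    try:
        doc = json.loads(body)
    except ValueError:
        return "error"
    if not isinstance(doc, dict):
        return "error"
    # Exact error body quoted in the thread for a poll after Burp restarts.
    if (status == 400 and doc.get("type") == "ClientError"
            and doc.get("error") == "Task ID not found"):
        return "task_lost"
    return "error"


def poll_once(api_key, task_id, opener=urllib.request.urlopen):
    """Poll once; `opener` is injectable so the logic can be tested offline."""
    url = f"{BASE}/{api_key}/v0.1/scan/{task_id}"
    try:
        with opener(url, timeout=10) as resp:
            return classify_poll(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:  # must precede URLError (subclass)
        return classify_poll(err.code, err.read().decode())
    except urllib.error.URLError:
        return "unreachable"  # Burp not listening, e.g. still stopped


def next_action(outcome):
    """Hypothetical policy for a scheduler that suspends and resumes scans."""
    return {"ok": "keep_polling", "task_lost": "stop_polling",
            "unreachable": "retry_later"}.get(outcome, "alert")
```
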

