Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility
Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

active scan is waiting

hong Jan 26, 2017 08:07PM UTC

Hi,
I am working on extension that will send the url to do active scan.
I noticed the urls I sent are all in "waiting" and need me to manually click "resume". Is there a way to make it scan without manual intervention?

Thanks


Dafydd Stuttard Jan 27, 2017 09:12AM UTC Support Center agent

It sounds like the Scanner is in a globally paused state, perhaps because you have reopened an existing project, and the default option is to pause the Scanner when this is done.

If the Scanner is already running, then items sent for scanning via the API will be scanned as soon as a thread is available, without the user needing to resume anything.


hong Jan 27, 2017 04:04PM UTC
You are correct, I reopened an existing project.

What is the best way to bring up Burp in following configuration?

Currently I load an existing project which has user/passwd set for spider, and load extension, listen on port 8081, then I have to manually turn off proxy intercept, and manually resume scanner

(1) proxy intercept is off
(2) proxy listening on port 8081
(3) user/password for spider is set
(4) extension loaded
(5) session management is using cookies from burp cookie jar for spider and scanner
(6) scanner is running

Is there a way to save all these into one user configuration file (instead of project file), and load this file from command line/GUI?

Help is appreciated!


Dafydd Stuttard Jan 27, 2017 04:22PM UTC Support Center agent

Your project settings (e.g. the proxy listener) will be saved in your project file.

User settings (e.g. extension to load) can be saved in a user-level config file, and specified on the command line using the —user-config-file option.

If you want to fully automate everything, then try launching Burp in headless mode, and the Spider/Scanner won’t be paused.


hong Jan 27, 2017 07:56PM UTC
Is there a way to make scanner started without headless mode? Can I start scanner from API?

Tried headless mode, it can scan, but Burp won't accept my log in from curl command, always say "403 forbidden", "untrusted host", not able to refresh the cookie jar, therefore the session is invalid


hong Jan 27, 2017 08:42PM UTC
Can I load project file without pausing the scanner? I saw there is option on the GUI, can I do it on commandline, or API?

Or:

If I use config file, will the scanner not paused? If not paused, how to bypass the GUI (select project) so that I can bring up burp automatically?


Dafydd Stuttard Jan 30, 2017 09:46AM UTC Support Center agent

1. This option is only shown in the startup UI.

2. The only way to bring the Scanner up unpaused is to uncheck the box in the startup UI, or run Burp headlessly.

We’ll look into adding a command-line option to bring up the Scanner and Spider unpaused in non-headless mode.


hong Jan 30, 2017 02:37PM UTC
problem solved with headless mode

Dafydd Stuttard Feb 01, 2017 02:15PM UTC Support Center agent

Just to let you know that in today’s release (1.7.17) we have added a new command line argument for this purpose:

—unpause-spider-and-scanner

Thanks again for your feedback, and please do let us know if you run into any other problems.


Post Your public answer

Your name
Your email address
Answer