Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp with Jenkin

Harsh | Last updated: Sep 18, 2018 09:25AM UTC

When I am trying to integrate my burp with Jenkins by Carbonator extension. I am using Pro license version . I have followed this https://www.we45.com/blog/automating-burp-with-jenkins link to make my burp work with Jenkins. As the burp headless command runs, In console of Jenkins I am getting license agreement message and at the end of the message it is asking for "Do you accept the license agreement? (y/n)". Kindly help.

Liam, PortSwigger Agent | Last updated: Sep 18, 2018 09:44AM UTC

Have you tried using our Enterprise product to integrate with Jenkins? - https://portswigger.net/burp/documentation/enterprise/how-do-i/integrate-with-ci We are happy to offer trial licenses to businesses that have not used Burp Suite Enterprise Edition before. - https://portswigger.net/requestfreetrial/enterprise

Burp User | Last updated: Sep 18, 2018 12:43PM UTC

Hi Liam, Thanks for the reply. I will check the trial version of burp enterprise. But as I have the pro license of the burp, so is it possible to that with it? Any clues for the license agreement message which is coming when I tried to run burp in jenkins. If I try to run that jar which I am using for the Jenkins than it is working fine but with jenkins it is giving message for the license agreement. Is there any way to come out with that?

PortSwigger Agent | Last updated: Sep 18, 2018 12:45PM UTC

Hi Harsh, You're getting the license message because Burp is licensed on a per-user basis. By default Jenkins runs jobs under the "jenkins" user. What I suggest you do is login as that user, then run Burp and activate it. You may need to edit /etc/passwd to give jenkins an interactive shell, then as root run "su jenkins". After that your jobs should run correctly. Be aware that Carbonator is quite basic compared to what's possible with Burp 2. Please let us know if you need any further assistance.

Burp User | Last updated: Sep 18, 2018 01:24PM UTC

Thanks Paul, I will go through your comments and will check . One more thing which I want to ask is for the Burp integrating with Selenium. I have checked the link to do so but couldn't found anything which can help me to integrate it with my functional testing. I have checked the Burp rest api but couldn't found any documentation of that(only git link). Is there any documentation which tells the integration of burp with our functional automation testing .

PortSwigger Agent | Last updated: Sep 18, 2018 01:36PM UTC

Hi, This is possible, although we don't have a tutorial. Perhaps we should write one. In an interactive scenario, what you need to do is set up the browser that Selenium is driving to proxy through Burp. Run all your functional test scripts - this will populate the site map within Burp. Then from Burp launch scans of the areas of the site you want to audit. It's theoretically possible to automate some of this in a CI pipeline, but expect to do a lot of fiddling and hit a few issues. Headless Burp has some useful features compared to Carbonator. Burp Enterprise doesn't currently support this deployment, but it is on the development plan. Please let us know if you need any further assistance.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.