Burp Suite User Forum

How do I get CWE references from /scan response

Jb | Last updated: Mar 28, 2019 06:24AM UTC

I have noticed that Burp Suite Enterprise Edition web app has CWE references included under ‘Vulnerability classifications’ in every scan result. However, API JSON scan output doesn’t contain it. I would like to have these CWE references included in “/scan/[task_id: String]” response. How to achieve that?

PortSwigger Agent | Last updated: Mar 28, 2019 10:51AM UTC

If you have Burp Pro, the REST API has an endpoint /knowledge_base/issue_definitions that lets you map the type_index of the issue to such data. This is currently missing from the Burp Enterprise API but we are going to add it.
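One way to do the mapping described above, as an added example that is not part of the original thread or PortSwigger's code. The field names (`issue_events`, `issue`, `type_index`, `issue_type_id`, `vulnerability_classifications`) are assumptions about the response shapes, and the sample data is constructed; check both against the API documentation served by your Burp version.

```python
import re
from html import unescape

# Constructed sample of a /scan/[task_id] response (field names are assumptions).
SCAN_RESPONSE = {"issue_events": [
    {"issue": {"name": "Constructed issue A", "type_index": 1001, "path": "/login"}},
    {"issue": {"name": "Constructed issue B", "type_index": 1002, "path": "/search"}},
    {"issue": {"name": "Constructed issue C", "type_index": 9999, "path": "/"}},
]}

# Constructed sample of /knowledge_base/issue_definitions (field names are
# assumptions). The id is a string here while type_index above is a number,
# so a naive dict lookup between the two would never match.
ISSUE_DEFINITIONS = [
    {"issue_type_id": "1001", "name": "Constructed issue A",
     "vulnerability_classifications":
         '<ul><li><a href="https://cwe.mitre.org/data/definitions/89.html">'
         "CWE-89: constructed text</a></li><li>CWE-94: constructed text</li></ul>"},
    {"issue_type_id": "1002", "name": "Constructed issue B",
     "vulnerability_classifications": "<ul><li>CWE-79: constructed text</li></ul>"},
]

CWE_RE = re.compile(r"CWE-(\d+)")

def index_definitions(definitions):
    """Map issue type id (normalised to int) to a sorted list of CWE ids."""
    index = {}
    for d in definitions:
        text = unescape(d.get("vulnerability_classifications") or "")
        ids = sorted({int(n) for n in CWE_RE.findall(text)})
        index[int(d["issue_type_id"])] = [f"CWE-{n}" for n in ids]
    return index

def enrich_scan(scan, definitions):
    """Return one row per scan issue with its CWE ids attached."""
    index = index_definitions(definitions)
    rows = []
    for event in scan.get("issue_events", []):
        issue = event.get("issue")
        if not issue:
            continue  # skip events that carry no issue object
        key = int(issue["type_index"])
        rows.append({"name": issue.get("name"), "path": issue.get("path"),
                     "type_index": key, "cwe": index.get(key, []),
                     # False means "no definition found", not "no CWE applies"
                     "definition_found": key in index})
    return rows
```

Rows with `definition_found` set to False usually mean the definitions were fetched from a different Burp version than the one that ran the scan, so they should be flagged in a report rather than shown as having no CWE.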

Burp User | Last updated: May 17, 2019 06:16PM UTC

Is there a timeframe for implementation?

Rose, PortSwigger Agent | Last updated: May 20, 2019 09:14AM UTC

The /knowledge_base/issue_definitions endpoint has been added to the Burp Enterprise API. Please update your version to access this functionality.

Burp User | Last updated: Nov 16, 2019 03:30PM UTC

Is there any documentation from Burp with a table of Vulnerability type / CWE / plugin from Burp?

Michelle, PortSwigger Agent | Last updated: Nov 18, 2019 10:28AM UTC

You can find the issue definitions on our knowledge base on the website here: https://portswigger.net/kb/issues. You can also go to the Target -> Issue Definitions tab in Burp Suite Community Edition (downloadable for free) and see the CWE/Vulnerability classifications. If you'd like me to send you a screenshot, please email us at support@portswigger.net. Just to clarify, when you refer to the plugin, are you referring to the Burp extensions?