Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Scanning a site with basic authorization (Burp suite enterprise Rest API)

Andrii May 30, 2019 07:53AM UTC

Hello. I want to scan sites where basic authorization is installed. What tokens can I use in building a curl request for basic authorization?

curl -vgw "\n" -X POST 'http://burp.link.to.rest.api/v0.1/scan' -d '{ (???basic auth???) "scan_configurations":[{"name":"Audit checks - all except Java .......


Thank You!
Regards.


Liam Tai-Hogan May 30, 2019 03:39PM UTC Support Center agent

Have you tried setting and saving Burp’s platform authentication settings to a User options configuration file:

- https://support.portswigger.net/customer/portal/articles/2927576-configuring-ntlm-with-burp-suite

Then loading the config file when you start Burp:

- https://support.portswigger.net/customer/portal/articles/2928360-using-burp-s-command-line-arguments


Andrii May 30, 2019 03:47PM UTC
Ok.. And how to do it in the curl request on command line? I use Rest API (Burp Enterprise) from web interface.

Than You!
Kind regards.

Liam Tai-Hogan Jun 03, 2019 01:43PM UTC Support Center agent

You need to export the working custom configuration then add it to your command using the toolkit. We’ve sent a screenshot to your email.


Andrii Jun 03, 2019 02:44PM UTC
This method work in RestAPI from port 1337 (created task in Burp Professional (program)) but not working in Rest API (web-version). I have error 401 error in web-serwer logs.

Paul Johnston Jun 04, 2019 11:25AM UTC Support Center agent

Hi Andrii,

Thanks for following up. 401 means “unauthorized” so indicates there’s some problem with the API token you used.

To use the Burp Enterprise REST API you need to create a user in the Team screen, with an API key and appropriate permissions. When you do this, you get a popup dialog with the API URL to use. We will email you a screenshot of this.


Post Your public answer

Your name
Your email address
Answer