Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

REST API Does Not Set Content-Type Header When Invoking Callback

Bryan Burman Jul 10, 2019 01:46PM UTC

When Burp's REST API issues a PUT request to the callback supplied to /scan, Burp does not set the Content-Type header. This causes issues when trying to integrate various tooling, such as ASP.NET Core 2.0. The platform doesn't receive a designated content type and is thus unable to perform content type negotiation.

Here's an example of the payload that I receive:

PUT / HTTP/1.1
Host: <omitted>
Content-Length: 438
Accept-Encoding: gzip

{"task_id":"12","scan_status":"crawling","scan_metrics":{"crawl_requests_made":16,"crawl_network_errors":0,"crawl_unique_locations_visited":2,"crawl_requests_queued":0,"audit_queue_items_completed":0,"audit_queue_items_waiting":0,"audit_requests_made":0,"audit_network_errors":0,"issue_events":0,"crawl_and_audit_caption":"Unauthenticated crawl. Estimating time remaining...","crawl_and_audit_progress":-1},"message":"","issue_events":[]}

Rose Krawczuk Jul 11, 2019 08:24AM UTC Support Center agent

Thanks for your message.

Our development team have added this header and it should be available in the next release. Unfortunately, we’re not able to provide an ETA on this, but we’ll let you know when it is available.

Post Your public answer

Your name
Your email address