Burp Suite User Forum


Burp Suite Automation

Alapan | Last updated: Oct 31, 2019 06:10AM UTC

I am trying to automate an API scan using Burp Suite Pro. I am planning to initiate scans through the REST API and fetch the report through headless Burp, as the API returns a JSON response and I need a user-friendly HTML report. How do I go about doing that? Are there any easier approaches? And how do I automate authentication via a Bearer token through an external link and add the token to the requests?

Ben, PortSwigger Agent | Last updated: Oct 31, 2019 11:21AM UTC

Hi,

Unfortunately, the REST API only returns scan information in the JSON format. The full HTML reports are currently only generated in the Burp GUI. We do have a request in our development backlog to enhance the REST API reporting functionality but we cannot provide an ETA of when/if this will be implemented.

Having said that, have you looked into any of the Burp Extensions that are currently available on our BApp store (these are user-written extensions that extend some of Burp's capabilities)? The Carbonator extension sounds like it might give you some of the functionality that you require.

You would be able to create a Macro within Burp that will obtain a Bearer token and add it to requests. The following links provide some details of how people have achieved this previously:

https://medium.com/leveraging-information-security-tools/refreshing-bearer-token-automatically-in-burp-and-zap-for-rest-apis-693bc8de3dee

https://www.foregenix.com/blog/testing-problematic-authorisation-tokens-with-burp

In addition, the Add Custom Header extension also looks like it might work for your requirements.

Please let us know if you need any further assistance.
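Since the REST API output is JSON only, one workaround is to render that JSON into HTML yourself. The sketch below is an added example, not part of the thread and not PortSwigger's code; the sample response is constructed, and the field names (`issue_events`, `issue`, `severity`, `confidence`, `origin`, `path`) are assumptions about the JSON layout that you should adjust to what your Burp version returns.

```python
import html
import json

# Constructed sample; the field names are assumed, adjust to your API's output.
SAMPLE_SCAN_JSON = """
{"scan_status": "succeeded", "issue_events": [
  {"type": "issue_found", "issue": {"name": "Cookie without HttpOnly flag set",
    "severity": "low", "confidence": "firm",
    "origin": "https://api.example.test", "path": "/login"}},
  {"type": "issue_found", "issue": {"name": "SQL injection",
    "severity": "high", "confidence": "certain",
    "origin": "https://api.example.test", "path": "/api/items?name=<b>x</b>"}}
]}
"""

COLUMNS = ("severity", "confidence", "name", "origin", "path")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def extract_issues(scan):
    """Return the issue objects from a scan result, most severe first."""
    issues = [e["issue"] for e in scan.get("issue_events", [])
              if e.get("type") == "issue_found" and isinstance(e.get("issue"), dict)]
    return sorted(issues, key=lambda i: (SEVERITY_ORDER.get(i.get("severity"), 9),
                                         str(i.get("name", ""))))


def render_report(scan):
    """Build a standalone HTML page. Every scan value is HTML-escaped, because
    paths and origins come from the scanned target and must not render as markup."""
    def cell(value):
        return "<td>" + html.escape(str(value), quote=True) + "</td>"

    header = "".join("<th>" + c.title() + "</th>" for c in COLUMNS)
    rows = ["<tr>" + "".join(cell(i.get(c, "")) for c in COLUMNS) + "</tr>"
            for i in extract_issues(scan)]
    status = html.escape(str(scan.get("scan_status", "unknown")))
    return ("<!DOCTYPE html><html><head><meta charset='utf-8'>"
            "<title>Scan report</title></head><body>"
            f"<h1>Scan report ({status}, {len(rows)} issues)</h1>"
            f"<table border='1'><tr>{header}</tr>{''.join(rows)}</table>"
            "</body></html>")


if __name__ == "__main__":
    with open("report.html", "w", encoding="utf-8") as fh:
        fh.write(render_report(json.loads(SAMPLE_SCAN_JSON)))
```

Replace `SAMPLE_SCAN_JSON` with the body returned by your scan-status request; the escaping step matters because the report is opened in a browser and contains strings taken from the scanned application.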

Jedi | Last updated: Nov 04, 2020 03:42AM UTC

Hi Alapan,

I am also trying to automate the Burp active scan process and want to generate an HTML report via Burp Suite Pro. The command/API to generate an HTML report is only available in the ENTERPRISE version. However, you can try vmware/Burp-rest-api for Burp Pro users.

https://github.com/vmware/burp-rest-api

When you launch Burp Pro with burp-rest-api.bat and finish an active scan, the HTML report will be stored at the following location:

http://localhost:8090/burp/report

Run a urlopen in Python and you will get the HTML report. It is the fastest way to achieve your request.
