Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp does not load url from environment variable in windows

Rajasekar | Last updated: Nov 05, 2019 08:23AM UTC

Hi Team, I have configured the burp enterprise edition with "jenkins" and i have created a "execute windows batch script" to load the target url for scanning. Also, i have confgirued the burp scan plugin with below script as scan format: {"scan_configurations":[{"config":"Crawl strategy-faster, Audit coverage-thorough","type":"CustomConfiguration"}],"scope":{"include":[BURP_SCAN_URL],"type":"SimpleScope"},"urls":[BURP_SCAN_URL]} If i run build now, it throws the following exception: Started by user burp Running as SYSTEM Building in workspace D:\Jenkins\workspace\burp [burp] $ cmd /c call C:\WINDOWS\TEMP\jenkins3277262807616599512.bat D:\Jenkins\workspace\burp>echo BURP_SCAN_URL = http://altoromutual.com BURP_SCAN_URL = http://altoromutual.com D:\Jenkins\workspace\burp>exit 0 ERROR: Build step failed with exception net.portswigger.burp.d: on"}],"scope":{"include":[ >>> BURP_ <<< SCAN_URL], at net.portswigger.burp.api.driver.BurpCiDriver.scan(Unknown Source) at org.jenkinsci.plugins.burpscan.BurpScanRecorder.perform(BurpScanRecorder.java:134) at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20) at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:741) at hudson.model.Build$BuildExecution.build(Build.java:206) at hudson.model.Build$BuildExecution.doRun(Build.java:163) at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504) at hudson.model.Run.execute(Run.java:1853) at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43) at hudson.model.ResourceController.execute(ResourceController.java:97) at hudson.model.Executor.run(Executor.java:427) Build step 'Burp scan' marked build as failure Finished: FAILURE Kindly help me to resolve this issue

Mike, PortSwigger Agent | Last updated: Nov 05, 2019 11:21AM UTC

Hi, looking at your JSON configuration that you are providing, it appears that it is not valid JSON which is why you are getting an exception. The [BURP_SCAN_URL] values are not valid as they are not in quotation marks. You don't need to provide the URL within the scan configuration as the CI driver will automatically use it when you echo it from the BURP_SCAN_URL variable which you have already done. So this section can be removed. Also, you appear to be providing multiple configuration names in your config property names (Crawl strategy-faster, Audit coverage-thorough) this is not a valid scan configuration as they should be separate objects within the array with their own type property.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.