![]() ![]() Additional features that I hope to implement at some point include alerting, monitoring, and integration with other services such as Amazon S3, Microsoft OneDrive, and Google Cloud Storage. Though I have only scratched the surface of what’s possible, Seltzer has been a fun project to work on. Seltzer supports the use of Burp REST API keys as an additional level of security if users want to further restrict access to the API. For example, the API typically should not be exposed to the public internet. It is important to note that the Burp REST API should be properly configured prior to using Seltzer. It leverages the Burp REST API to allow for using named scan configurations, Burp project and user options files, and it runs in headless mode by default. This begs the question, “What is Seltzer?” Seltzer is a Burp Suite extension and accompanying Bash shell script that allows a user to scan a list of targets using Burp 2.0. The workflow might look something like this: We can combine the extender API, the REST API, and some Bash scripting to achieve our goal of headless, unattended scanning in Burp 2.0. Specifically, the REST API provides a means for us to start scans, specify a scan configuration profile to use, and check the scans status. GitHub - PortSwigger/openapi-parser: Parse OpenAPI specifications, previously known as Swagger specifications, into the BurpSuite for automating RESTful API testing approved by Burp for inclusion in their official BApp Store. Currently, the REST API has limited functionality, but it is useful for solving this problem. However, another feature of Burp 2.0 is the Burp REST API. We cannot use the extender API in its current form to do this. ![]() More specifically, we would like to traverse a list of targets and do the following: We would like to use the extender API to start a scan and specify a configuration. When new scans are initiated via the extender API, they use a very limited default configuration. When PortSwigger released Burp 2.0, the Burp Extender API was not updated to support some of the new features including the ability to specify a configuration for a new scan. ![]() In Burp 2.0 you can have concurrently running scans, each having its own configuration. In Burp 1.0, all active scans used the same configuration. It is a great extension that has worked well, until the release of Burp 2.0.īurp 2.0 is a significant upgrade from 1.0 and includes many useful new features, such as the ability to create multiple scanning configurations. Available in the BApp Store, Carbonator provides a means to interact with Burp via the command line, scanning a target and exporting the results as HTML. For years, my tool of choice for this has been the Burp extension Carbonator. Alternatives such as Burp Suite Enterprise exist, but those of us with Burp Suite Professional may want to leverage it to perform this type of work. Step 1 Start Burp and set the listener on TCP port 8080 (or any unused local port) Step 2 Point Postman’s proxy settings to the local Burp listener Figure 1: Postman Settings Proxy subtab Step 3 Disable the SSL certificate verification in the General subtab of Postman’s settings to prevent ‘Self-signed Certificates Blocked’ errors. However, it can be difficult to use Burp for headless, unattended scanning. It is feature-rich, intuitive, well-supported, and customizable. Burp Suite Professional (Burp) is one of the best tools available for penetration testers. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |