-
Notifications
You must be signed in to change notification settings - Fork 25
HTTP API
The majority of burp's extender API has been exposed via an HTTP API. All requests should be sent using a Content-Type of application/json.
After you've installed the burpbuddy extension, you can configure it via the new "BurpBuddy" tab in Burp Suite.
Some options you may set include the IP and port BurpBuddy listens on as well as a number of hook URLs, described in the next section.
This section describes how you can configure BurpBuddy to send Burp's stream of requests, responses, and scan issues to a service you control.
In the "BurpBuddy" tab in Burp there are a number of hook URL fields. These can be a comma separated list of URLs, and each time an event is fired inside of Burp, the item will be turned into JSON and sent over using a POST to the server you specify.
If you're curious, this is implemented in the code here.
TODO: have subsections that give more detail and perhaps example responses from each endpoint, similar to how the 2.0 docs had.
BurpBuddy exposes a number of API endpoints that allow you to access Burp's info or cause Burp to perform actions, such as adding or removing a URL from the target scope, performing an active scan, and more.
Returns 'PONG' if API is up
$ curl -i http://127.0.0.1:8001/ping
HTTP/1.1 200 OK
Date: Wed, 03 Aug 2016 07:45:37 GMT
Content-Type: application/json; charset=UTF8
Transfer-Encoding: chunked
Server: Jetty(9.3.z-SNAPSHOT)
PONG
Identify is a URL is in burp's scope, url should be a base64 encoded URL. The response will be 200 for a URL that is in burp's current scope and 404 for one that is not.
$ curl -i http://127.0.0.1:8001/scope/aHR0cHM6Ly9zdGFja3RpdGFuLmNvbQ\=\=
HTTP/1.1 404 Not Found
Date: Wed, 03 Aug 2016 07:47:59 GMT
Content-Type: application/json; charset=UTF8
Transfer-Encoding: chunked
Server: Jetty(9.3.z-SNAPSHOT)
{"is_in_scope":false}
Adds the provided URL to burp's scope.
Required Fields:
url(string)
$ curl -i http://127.0.0.1:8001/scope -X POST -H 'Content-type: application/json' -d '{"url": "https://stacktitan.com"}'
HTTP/1.1 201 Created
Date: Wed, 03 Aug 2016 07:50:06 GMT
Content-Type: application/json; charset=UTF8
Transfer-Encoding: chunked
Server: Jetty(9.3.z-SNAPSHOT)
{"url":"https://stacktitan.com"}
Removes a URL from burp's scope, url should be a base64 encoded URL to remove from burp's scope.
$ curl -i http://127.0.0.1:8001/scope/aHR0cHM6Ly9zdGFja3RpdGFuLmNvbQ\=\= -X DELETE
HTTP/1.1 204 No Content
Date: Wed, 03 Aug 2016 07:51:47 GMT
Content-Type: application/json; charset=UTF8
Server: Jetty(9.3.z-SNAPSHOT)
Get a list of all scan issues.
$ curl -i http://127.0.0.1:8001/scanissues
HTTP/1.1 200 OK
Date: Wed, 03 Aug 2016 07:54:29 GMT
Content-Type: application/json; charset=UTF8
Transfer-Encoding: chunked
Server: Jetty(9.3.z-SNAPSHOT)
[]
Given a base64 encoded URL, return the scan issues for that URL.
$ curl -i http://127.0.0.1:8001/scanissues/aHR0cHM6Ly9zdGFja3RpdGFuLmNvbQ\=\=
HTTP/1.1 200 OK
Date: Wed, 03 Aug 2016 07:55:29 GMT
Content-Type: application/json; charset=UTF8
Transfer-Encoding: chunked
Server: Jetty(9.3.z-SNAPSHOT)
[]
Adds a new issue.
url (string)
host (string)
port (int)
protocol (string)
name (string)
severity (string)
confidence (string)
issue_background (string)
issue_detail (string)
remediation_background (string)
remediation_detail (string)
http_messages (array of objects):
request (object):
raw (string, base64)
response (object):
raw (string, base64)
highlight (string):
comment (string):
curl -i http://127.0.0.1:8001/scanissues -X POST -H 'Content-type: application/json' -d '{"url": "https://stacktitan.com", "host": "stacktitan.com", "port": 443, "protocol": "https", "name": "beep", "severity": "Information", "confidence": "Certain", "issue_background": "many boops", "issue_detail": "few beep", "remediation_background": "dunno", "remediation_detail": "dunno", "http_messages": [{"request": {"raw": "R0VUIC8gSFRUUDEuMQ=="}, "response": {"raw": "R0VUIC8gSFRUUDEuMQ=="}}]}'
Send a URL to burp's spider
Required Fields:
url (string)
curl -i http://127.0.0.1:8001/spider -X POST -H 'Content-type: application/json' -d '{"url": "https://stacktitan.com"}'
Get the contents of burp's cookie jar.
curl -i http://127.0.0.1:8001/jar
HTTP/1.1 200 OK
Date: Wed, 03 Aug 2016 14:48:13 GMT
Content-Type: application/json; charset=UTF8
Transfer-Encoding: chunked
Server: Jetty(9.3.z-SNAPSHOT)
[]
Add a cookie to burp's cookie jar.
Required fields:
domain (string)
expiration (string)
path (string)
name (string)
value (string)
curl -i http://127.0.0.1:8001/jar -X POST -H 'Content-type: application/json' -d '{"domain": "stacktitan.com", "expiration":"Oct 15, 2014 9:09:44 AM","name":"SID","value":"192891pj2ijf90u129", "path": "/"}'
HTTP/1.1 201 Created
Date: Wed, 03 Aug 2016 14:51:09 GMT
Content-Type: application/json; charset=UTF8
Transfer-Encoding: chunked
Server: Jetty(9.3.z-SNAPSHOT)
{"domain":"stacktitan.com","expiration":"Oct 15, 2014 9:09:44 AM","path":"/","name":"SID","value":"192891pj2ijf90u129"}
Performs an active scan against the provided request.
Required fields:
host (string)
port (int)
use_https (bool)
request (string, base64)
Returns a list of current active scan items.
Returns a scan item by id.
Stops the active scan item by id.
Runs a passive scan against a request/response pair.
Required fields:
host (string)
port (int)
use_https (bool)
request (string, base64)
response (string, base64)
Sends a request to a burp tool. Currently "intruder" and "repeater" are supported.
Required fields:
host (string)
port (int)
use_https (bool)
request (string, base64)
Creates an alert in burp's UI.
Required fields:
message (string)
Returns the entire sitemap.
Returns the sitemap matching the url provided, url should be base64 encoded.
Creates an entree in the sitemap.
Required fields:
host (string)
port (int)
protocol (string)
require (string, base64)
Optional fields:
response (string, base64)
highlight (string)
comment (string)
Returns burp's proxy history.
Enabled proxy intercept.
Disable proxy intercept.