Burpsuite and Python
466 views
Skip to first unread message
Ashutosh J
Jan 6, 2016, 11:13:19 PM1/6/16
to null
Hi,
I am pretty new to programming and looking to create something.
Is there a way to use Burpsuite API in python where you can invoke burp from python code and carry out a spider and scan? Later you can fetch that spider results from script and show results as per the code logic?
Eg: I want to invoke Burp from python script to check an application for XSS attack. And when it finishes the scan, can I fetch the results in my python script and show them as output?
Thanks
Anant Shrivastava
Jan 6, 2016, 11:54:12 PM1/6/16
to null-...@googlegroups.com
Hi Ashutosh,
I remember there were multiple attempts to expose API's one such attempt i could find is http://forum.portswigger.net/thread/31/resty-burp-exposed-rest-json another https://github.com/integrissecurity/carbonator
from version 1.3.08 burp supports headless mode and this tool automates stuff using the headless mode https://www.redspin.com/it-security-blog/2010/09/advanced-burp-suite-automation-2/
another interesting approach with this regard is http://blog.dornea.nu/2013/08/02/howto-automate-burp-using-burp-extender-api/
Some of these might help you in building your project.
Hope this helps.
--
______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
______________________________________________________________________________
se7enth edition of nullcon Goa (Mar 9-12, 2016)
http://nullcon.net
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+...@googlegroups.com.
Visit this group at https://groups.google.com/group/null-co-in.
For more options, visit https://groups.google.com/d/optout.
Ashutosh J
Jan 8, 2016, 1:28:03 AM1/8/16
to null
Thanks Anant. Its informative. Still figuring out what I can use from this. But its really helpful.
Mukthi Alva
Nov 14, 2016, 5:57:59 PM11/14/16
to null
Hi Ashutosh,
I tried following the steps available at http://blog.dornea.nu/2013/08/02/howto-automate-burp-using-burp-extender-api/#caea8340e2d186a540518d08602aa065
to automate burp-suite. The application starts. But, when I select "start burp" option, it throws an error saying "Failed to create project: NullPointerException". I do not get the burp
prompt either on the terminal as mentioned in the above blog.
Please help me to overcome from this problem. I am using free version of burp-suite(burpsuite_free_v1.7.10.jar) on kali linux. Please let me know if there is any alternate method
to automate burp-suite for SQL injection.
Waiting for the reply with anticipation!
Thank you!
Regards,
Mukthi Alva
Reply all
Reply to author
Forward
0 new messages