OpenAPI Parser is an extension aimed at streamlining web service assessments involving OpenAPI-based APIs.
This extension provides the following features:
- OpenAPI documents can be parsed either from a supplied file or URL. The extension can fetch OpenAPI documents directly from a URL using the "Send to Swagger Parser" feature under the "Target -> Site map" context menu.
- Parses OpenAPI documents (formerly known as the "Swagger specification") in full compliance with the OpenAPI 2.0/3.0 Specifications (OAS).
- Requests can be directly viewed/edited within the extension prior to sending them to other Burp tools.
- Requests can be sent to the Comparer, Intruder, Repeater, Scanner, Site map and Scope Burp tools.
- Requests matching specific criteria (detailed in the "Parameters" tab) can be intercepted to automatically match and replace the default values of the parsed parameters, as defined in the "Parameters" tab. This feature allows for fine-tuning of the requests prior to sending them to other Burp tools (e.g., Scanner). Edited requests can be viewed within the "Modified Request (OpenAPI Parser)" tab of Burp's message editor.
- Row highlighting allows pentesters to highlight "interesting" API calls and/or colour code them for reporting purposes.
- Supports both JSON and YAML formats.
|Author|Alexandre Teyar, Aegis Cyber (www.aegiscyber.co.uk)|
|Last updated|04 February 2022|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
You can view the source code for this BApp by visiting our GitHub page.
Please note that extensions are written by third-party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.