Burptrast, Contrast Security Integration

This extension integrates Burp Suite with Contrast Security's Teamserver (Assess), allowing users to import application metadata, endpoints, and vulnerability details directly into their Burp testing workflow.

Features

• Imports endpoints discovered by Contrast Assess into Burp's site map.
• Loads full HTTP requests associated with Assess vulnerabilities, including path parameters, methods, and request bodies.
• Live Browsing: Adds a correlation ID to proxied requests so that Assess can push detected vulnerabilities into Burp's Issues tab in near real-time.
• Supports API-based authentication via YAML credentials file.
• Compatible with both Contrast's full and community editions.
• Respects Burp Suite's upstream and SOCKS proxy settings.

Usage

1. In the extension tab, upload a YAML file containing your Contrast credentials:
   • api_key
   • service_key
   • user_name
   • teamserver_url
2. Select your application from the dropdown list.
3. Enable "Live Browsing" to automatically correlate proxied requests with Assess findings.
4. Browse the target application through Burp Proxy; endpoints and issues will populate in the site map and Issues tab.