Professional
Burptrast is designed to pull endpoint information from Teamserver and import it into Burp's sitemap. The endpoints come from two sources.
The full HTTP Request that generated the Vulnerability is stored in TS and is available via the API. This is imported into Burp. While there is likely to be relatively few of these, they do have the advantage of having the information required to trigger the endpoint. Request/Path Params, Message Body etc. Endpoints detected by the agent will only have the Path and the HTTP Method.
Live browsing
Live Browsing when enabled, allows you to explore the application via the Burp proxy and get real time feedback from Assess. It works by adding a Correlation ID Header to every HTTP request, when a vulnerability is found in Assess that is linked to one of your HTTP requests, it is automatically added to the Burp Issue tab within a few seconds of the request being made, giving near realtime feedback of your exploration / pentest from Assess directly into your Burp UI.
To use this feature you need to do the following.
For further usage instructions, please refer to the GitHub repository.
Author |
Author
Contrast Security OSS |
---|---|
Version |
Version
1.4 |
Rating |
Rating |
Popularity |
Popularity |
Last updated |
Last updated
26 November 2024 |
Estimated system impact |
Estimated system impact
Overall impact: Medium
Memory
Medium
CPU
Low
General
Low
Scanner
Low
|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|
You can view the source code for all BApp Store extensions on our GitHub page. |
|
Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates. |
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.