Professional Community

Burptrast, Contrast Security Integration

Burptrast is designed to pull endpoint information from Teamserver and import it into Burp's sitemap. The endpoints come from two sources.

  • Assess Vulnerability information.
  • Endpoints detected by the agent.

The full HTTP request that generated the vulnerability is stored in Teamserver (TS) and is available via the API. This is imported into Burp. While there are likely to be relatively few of these, they have the advantage of carrying the information required to trigger the endpoint: request/path params, message body, etc. Endpoints detected by the agent will only have the path and the HTTP method.

Live browsing

Live Browsing, when enabled, allows you to explore the application via the Burp proxy and get real-time feedback from Assess. It works by adding a Correlation ID header to every HTTP request. When a vulnerability is found in Assess that is linked to one of your HTTP requests, it is automatically added to the Burp Issue tab within a few seconds of the request being made, giving near-real-time feedback on your exploration / pentest from Assess directly in your Burp UI.

To use this feature you need to do the following.

  • Select the application in the Application drop-down.
  • Enable Live Browsing.
  • Browse the application via the Burp proxy.

For further usage instructions, please refer to the GitHub repository.

Author

Contrast Security OSS

Version

1.3

Last updated

03 August 2023

Estimated system impact

Overall impact: Medium

  • Memory: Medium
  • CPU: Low
  • General: Low
  • Scanner: Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.
