Professional

Burptrast, Contrast Security Integration

This extension integrates Burp Suite with Contrast Security's Teamserver (Assess), allowing users to import application metadata, endpoints, and vulnerability details directly into their Burp testing workflow.

Features

  • Imports endpoints discovered by Contrast Assess into Burp's site map.
  • Loads full HTTP requests associated with Assess vulnerabilities, including path parameters, methods, and request bodies.
  • Live Browsing: Adds a correlation ID to proxied requests so that Assess can push detected vulnerabilities into Burp's Issues tab in near real-time.
  • Supports API-based authentication via YAML credentials file.
  • Compatible with both Contrast's full and community editions.
  • Respects Burp Suite's upstream and SOCKS proxy settings.

Usage

  1. In the extension tab, upload a YAML file containing your Contrast credentials:
    • api_key
    • service_key
    • user_name
    • teamserver_url
  2. Select your application from the dropdown list.
  3. Enable "Live Browsing" to automatically correlate proxied requests with Assess findings.
  4. Browse the target application through Burp Proxy; endpoints and issues will populate in the site map and Issues tab.

Author

Author

Contrast Security OSS

Version

Version

1.5.0

Rating

Rating

Popularity

Popularity

Last updated

Last updated

28 July 2025

Estimated system impact

Estimated system impact

Overall impact: Medium

Memory
Medium
CPU
Low
General
Low
Scanner
Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore

Note:

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.