1N3 / Sn1per

Attack Surface Management Platform
https://sn1persecurity.com

Burpsuite Pro Integration Not Working #300

Closed 1N3 closed 3 years ago

1N3 commented 3 years ago

@digitizeddude

In response to ZAP not functioning the way I need it to for this one engagement, I pulled the trigger on purchasing Burpsuite Pro because I need to get more web app information. I ran into another issue with it, however, as it relates to sn1per/pro. I'm just trying to get integration working between BurpSuite Pro and I can't seem to get it to operate with Sniper Pro properly. I've removed Burp Community to be safe on Kali 2020.3 and I've installed Burp using the downloadable shell install script file from Portswigger. I know Burp Pro works because I can run it manually on targets. I've made the changes using the integration instructions found on the sn1per GitHub project site. However, when I run the scan all I get is this below:

====================================================================================•x2020-11-11x•
RUNNING BURPSUITE SCAN
====================================================================================•x2020-11-11x•

[-] SCAN #1:
[-] SCAN #2:
[-] SCAN #3:
[-] SCAN #4:
[-] SCAN #5:
[-] SCAN #6:
[-] SCAN #7:
[-] SCAN #8:
[-] SCAN #9:
[-] SCAN #10:
[-] SCAN #11:
[-] SCAN #12:
[-] SCAN #13:
[-] SCAN #14:
[-] SCAN #15:
[-] SCAN #16:
[-] SCAN #17:
[-] SCAN #18:
[-] SCAN #19:
[-] SCAN #20:
[-] SCAN #21:
[-] SCAN #22:
[-] SCAN #23:
[-] SCAN #24:
[-] SCAN #25:
[-] SCAN #26:
[-] SCAN #27:
[-] SCAN #28:
[-] SCAN #29:
[-] SCAN #30:
[+] VULNERABILITIES:

The sn1per web scan doesn't get any further even though I've made the integration changes on the Burp suite Misc tab.

digitizeddude commented 3 years ago

FYI: I ran the sn1per scan on testfire.net and I got the same error.

1N3 commented 3 years ago

Just tried testfire.net using the latest Kali and Burpsuite Pro releases and everything is working on my end. It seems that there is an error in communicating with the Burp API based on your output.

Please confirm in the REST API config under User Options > Misc that the service is running and allowed without an API key, and that the service URL is listening on all interfaces and listening on port 1338/tcp.

After, confirm your /root/.sniper.conf configuration has the following settings to match:

# BURP 2.0 SCANNER CONFIG
BURP_HOST="127.0.0.1"
BURP_PORT="1338"
BURP_SCAN="1"

I suspect either the Sn1per config doesn't match the Burp configuration or the Burp configuration is missing a crucial setting mentioned above. Let me know.
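The two checks requested in the comment above (the BURP_* settings in the Sn1per config and the Burp REST API listener), combined into one script as an added example; it is not part of the original thread or of the Sn1per project. The function names are hypothetical, and it assumes quoted KEY="value" settings as in the snippet above and listener data in the format printed by `ss -ltn`.

```bash
#!/usr/bin/env bash
# Added example (not Sn1per code): does the Sn1per config agree with what is
# actually listening for the Burp REST API on this host?

# Print the value of a KEY="value" setting (the last occurrence wins).
conf_get() {  # usage: conf_get FILE KEY
  awk -F'"' -v k="$2" '$1 == (k "=") { v = $2 } END { print v }' "$1"
}

# Read `ss -ltn` output on stdin and classify the listener on PORT as
# none, loopback, specific (one non-loopback address) or all.
listener_scope() {  # usage: ss -ltn | listener_scope PORT
  awk -v port="$1" '
    $1 == "LISTEN" {
      addr = $4
      n = match(addr, /:[0-9]+$/)          # split address:port at the last colon
      if (!n || substr(addr, n + 1) != port) next
      host = substr(addr, 1, n - 1)
      gsub(/\[|\]/, "", host)              # [::1] -> ::1
      sub(/^::ffff:/, "", host)            # IPv4-mapped form used by Java listeners
      if (host ~ /^127\./ || host == "::1") s = "loopback"
      else if (host == "*" || host == "0.0.0.0" || host == "::") s = "all"
      else s = "specific"
      if (s == "all" || scope == "") scope = s
    }
    END { print (scope == "" ? "none" : scope) }'
}

# Compare the config with the listener table on stdin; non-zero means mismatch.
check_burp() {  # usage: ss -ltn | check_burp /root/.sniper.conf
  local host port scan scope
  host=$(conf_get "$1" BURP_HOST); port=$(conf_get "$1" BURP_PORT)
  scan=$(conf_get "$1" BURP_SCAN)
  [ "$scan" = "1" ] || { echo "BURP_SCAN is '$scan', expected 1"; return 1; }
  case "$port" in ''|*[!0-9]*) echo "BURP_PORT is not numeric: '$port'"; return 1;; esac
  scope=$(listener_scope "$port")
  case "$scope" in
    none) echo "nothing is listening on tcp/$port; config and Burp do not match"; return 1;;
    loopback)
      case "$host" in
        127.*|localhost|::1) echo "ok: loopback listener on tcp/$port";;
        *) echo "listener is loopback-only but BURP_HOST=$host"; return 1;;
      esac;;
    *) echo "ok: tcp/$port is listening (bind scope: $scope)";;
  esac
}

# Stand-alone use: pass the config path as the only argument.
if [ "$#" -eq 1 ]; then ss -ltn | check_burp "$1"; fi
```

A bind scope of `all` means the REST API port is reachable from other hosts on the network, which matters when the service is configured without an API key as in this thread.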

1N3 commented 3 years ago

Closing out for now, but let me know if it's still an issue and I will re-open.