Active scan not running

[sivassk7]

Hi, while running the below command using headless burp, only proxy service is getting started and scan is not running. root@ubuntu-s-1vcpu-1gb-blr1-02:/home/infosec/BurpSuitePro# java -Xmx1G -Djava.awt.headless=true \

-classpath headless-burp-scanner-master-SNAPSHOT-jar-with-dependencies.jar:burpsuite_pro.jar burp.StartBurp \ --unpause-spider-and-scanner \ --project-file=/data/burp/project.burp -c c/data/burp/config.xml Your JRE appears to be version 11.0.7 from Ubuntu Burp has not been fully tested on this platform and you may experience problems. WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by burp.dvx (file:/home/infosec/BurpSuitePro/burpsuite_pro.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of burp.dvx WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Suite: Running as super-user, embedded browser sandbox will be disabled. Proxy: Proxy service started on 127.0.0.1:8080

[drequil]

Hi @sivassk7 , for active scanning similar to Anand's scenario D, (https://github.com/NetsOSS/headless-burp/#scenario-d-scan-more-than-just-get-requests-use-data-derived-from-running-functional-tests-as-input-to-the-scan)

...before running the headless burp I think you need to open Burp UI normally and set up a .burp project and set up an active scan. In my case, I set up a sitemap and one active scan task but exit out of Burp BEFORE the scan task even finishes crawling. I then use this .burp file as the input for --project-file. Let us know if performing this step helps you.