tomsteele / burpbuddy

burpbuddy exposes Burp Suite's extender API over the network through various mediums, with the goal of enabling development in any language without the restrictions of the JVM.
MIT License
156 stars, 25 forks

Can Request Spider, But How Can I Check Status? #34

Closed curtbraz closed 6 years ago

curtbraz commented 7 years ago

Hello,

First of all, thank you for all of your work on this project! A great add to Burp Suite Pro. I have two questions/issues I'm hoping someone can help with.

1) You can send a target to be spidered. Typically with manual use I'll run an Active Scan after the spider finishes. Is there any way from within BurpBuddy's API I can see if the spider queue is 0 to then move on to an active scan? I don't want to put an arbitrary wait time in my script and I don't want to scan prematurely, missing some of the sitemap.

2) I need to send a specific Request and have Burp perform that request. Is my best option to send it to the Repeater using the API or would it be better to do an Active Scan on a specific request? What I'm trying to do is post credentials to the application so I can do authenticated scanning. If I could automate a request, I could then store the cookies in the store. Any advice?

Thank you!

0xdevalias commented 6 years ago

RE 1: To my knowledge/understanding, Burp's API doesn't actually expose this functionality at all, so without reverse engineering/hacking support into it, none of these tools/extensions can actually provide that functionality at this stage. (See also: https://github.com/vmware/burp-rest-api/issues/35)

RE 2: Without thinking too deeply about the problem, I don't think active scan would be the right choice for this. If you're exposing the proxy port, you could just have your application make the request proxied through Burp, and then I presume this would appropriately store the cookie in the cookie jar, and (assuming your settings are correct to use the cookie jar later) then use that for subsequent requests.
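
The approach suggested in the comment above, sketched as an added example (not part of the original comment and not burpbuddy code): a script sends the login POST through Burp's proxy listener so that Burp sees the `Set-Cookie` response. The listener address, target URL, form field names and the `burp_opener` / `login_via_proxy` helpers are assumptions for illustration; the script's own cookie jar only confirms that the login set a cookie and is separate from Burp's.

```python
import http.cookiejar
import ssl
import urllib.parse
import urllib.request

# Assumed values, not from the thread: the proxy listener address below is
# a placeholder; point it at your own Burp proxy listener.
BURP_PROXY = "http://127.0.0.1:8080"


def burp_opener(proxy=BURP_PROXY, burp_ca_pem=None):
    """Return (opener, jar); the opener sends HTTP and HTTPS via the proxy."""
    jar = http.cookiejar.CookieJar()  # local copy, only to confirm the login
    handlers = [
        urllib.request.ProxyHandler({"http": proxy, "https": proxy}),
        urllib.request.HTTPCookieProcessor(jar),
    ]
    if burp_ca_pem:
        # Burp re-signs TLS traffic. Trust its exported CA certificate (PEM)
        # for this client rather than disabling certificate verification.
        ctx = ssl.create_default_context(cafile=burp_ca_pem)
        handlers.append(urllib.request.HTTPSHandler(context=ctx))
    return urllib.request.build_opener(*handlers), jar


def login_via_proxy(login_url, fields, opener, jar, timeout=10):
    """POST the login form through the proxy; return (status, cookie names)."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(login_url, data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with opener.open(req, timeout=timeout) as resp:
        status = resp.status
    return status, sorted(cookie.name for cookie in jar)


if __name__ == "__main__":
    # Constructed sample target and field names; replace with your own.
    opener, jar = burp_opener()
    print(login_via_proxy("http://app.example.test/login",
                          {"username": "scanuser", "password": "CHANGE_ME"},
                          opener, jar))
```

An empty cookie list in the result means the login response set no cookie, so there is nothing for later requests to reuse.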

tomsteele commented 6 years ago

Yeah, this is working as it is designed; Burp and burpbuddy are pretty async.