Scan POST requests

Open c0rv4x opened this issue 3 years ago • 5 comments

Hey!

Is there an option to scan POST requests? Couldn't find it in the docs

Thanks!

c0rv4x avatar Jun 14 '21 19:06 c0rv4x

Hi @c0rv4x,

I assume you mean scanning a form URL with the Burp Suite Intruder? I don't think that's part of the APIs.

Burpa is only a wrapper around existing Burp Suite APIs.

Currently, burpa uses the official REST API to launch the scan, the API help looks like that:

[Image: Screen Shot 2021-06-15 at 3 13 54 PM]

So if you think there is something to do, please be more specific regarding what exactly :)

Thanks,

tristanlatr avatar Jun 15 '21 20:06 tristanlatr

From what I remember you can do this by:

  • Proxying the POST request into burp
  • Issue a scan for that URL; since it's in the proxy history/sitemap it should be picked up and scanned

Regala avatar Jun 21 '21 16:06 Regala

@tristanlatr yeah dude, their api doesn't support that. I was hoping you found a nice workaround.

@Regala wow. That would be great. Will try it. Thanks!

c0rv4x avatar Jun 21 '21 20:06 c0rv4x

np lemme know if you confirm that works so I can start using this project too :P

Regala avatar Jun 21 '21 20:06 Regala

I am not planning to use burpa at the moment as we have our own implementation of this thing, but it seems that your method doesn't really work. I have added a POST request and started scanning that URL, and the POST request is not active scanned :(

c0rv4x avatar Jun 21 '21 21:06 c0rv4x