headless-burp icon indicating copy to clipboard operation
headless-burp copied to clipboard
verified publisher icon NetsOSS

Report wasn't generated after scan finished

Open IgorSasovets opened this issue 7 years ago • 10 comments

Hi, team! I faced with next issue: after headless-burp-scanner finished its work and terminated there wasn't generated report in project folder. Scan which had 17 urls in scope took approximately 6 hours to complete. I reviewed generated Burp project file in UI mode and didn't find any errors, all tasks were completed. What could go wrong in this case? Thanks in advance!

IgorSasovets avatar Apr 01 '19 07:04 IgorSasovets

Here is my config file:

<?xml version="1.0" encoding="UTF-8"?>
<config>
  <reportType>HTML</reportType>
  <targetSitemap><![CDATA[http://localhost:5000/api/]]></targetSitemap>
  <scope>
<url><![CDATA[http://localhost:5000/api/auth/]]></url>
<url><![CDATA[http://localhost:5000]]></url>
<url><![CDATA[http://localhost:5000/api]]></url>
<url><![CDATA[http://localhost:5000/api/account]]></url>
<url><![CDATA[http://localhost:5000/api/account/accept]]></url>
  </scope>
</config>

IgorSasovets avatar Apr 01 '19 07:04 IgorSasovets

@IgorSasovets have you manage to find a fix, bud ?

0xm4ud avatar Dec 19 '19 22:12 0xm4ud

Hi, @m4udSec ! Unfortunately, no. I was forced to use BurpSuite REST API because after upgrade to the latest BurpSuite Pro version scan didn't start at all.

IgorSasovets avatar Dec 20 '19 09:12 IgorSasovets

Hi @IgorSasovets are you able to generate report through BurpSuite Rest API? if yes, can you please help me how to do it?

Anurag599 avatar Mar 30 '22 07:03 Anurag599

Hello @Anurag599 , unfortunately no. I managed to achieve my goals using burp-rest-api tool. So far, it works well with the latest versions of Burp Suite

IgorSasovets avatar Mar 30 '22 17:03 IgorSasovets

Hello, @IgorSasovets. Can't you generate a report with burp-rest-api either? I'm making a project where I'm supposed to send an xml report from Burp to DefectDojo, a tool that would store and do the management of the vulnerabilities, but it seems to be impossible to generate a report with headless burp.

gabriel-cardoso-dev avatar Apr 14 '22 16:04 gabriel-cardoso-dev

Hello @IgorSasovets , How are you able to generate report using burp-rest-api? It would be great help if you share some sort of solution.

Anurag599 avatar Apr 14 '22 17:04 Anurag599

@gabriel-cardoso-dev , @Anurag599 , in order to generate report using burp-rest-api tool you should do the following (I assume that at the moment of generating report active scan is done and your target domain name was added to scope):

curl -X GET "http://localhost:8090/burp/report?reportType=HTML&urlPrefix=http%3A%2F%2Fexample.com"

where http%3A%2F%2Fexample.com represents the tested application URL. More details about the allowed APIs can be reviewed in the documentation.

IgorSasovets avatar Apr 14 '22 20:04 IgorSasovets

Thank you very much @IgorSasovets , I'll try it out!

gabriel-cardoso-dev avatar Apr 14 '22 22:04 gabriel-cardoso-dev

Thanks a lot @IgorSasovets, I tried and it is working perfectly fine.

Anurag599 avatar Apr 28 '22 10:04 Anurag599