I have started using the Burp Suite 2.0 beta full time recently, and some of the new features I knew I wanted to explore more were the API and the CI Integration.
This project is still in its *very* early stages, but if you want to play with what I have been working on, below are directions to get started.
What You Need
- Burp Suite Professional 2.0
- API Running on 127.0.0.1:1337
- Burp Generic CI Driver
- Github Access Token
- BurpIssues.sh Script
Running The Script
Download BurpIssues.sh to the folder where you have burp-ci-driver-v1.0.5beta.jar saved.
Edit the following fields in the script:
Github_Auth_Token="YourToken"
Github_Repo_URL="YourRepo"
min_severity_burp="low" # Can Be Info|Low|Medium|High
Once that is done, running the script is as simple as:
./BurpIssues.sh domainyouhavepermissiontoscan.tld
Reminder: This is a full Burp scan and can take anywhere from 10 minutes to many hours to complete, depending on how big the site is.
What’s Next:
- Move From Gist To A Github Repo.
- Add More Fields To The Issues
- Identify Duplicate Issues
- Kenna Integration
- JIRA / ServiceNow Tickets
- Customizable Scanning and Crawling Profiles
- Docker Container / VPS Build Script
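Added example, not the BurpIssues.sh script or any Burp code: the min_severity_burp threshold and the "Identify Duplicate Issues" item above, written in Python. The finding field names, the fingerprint scheme and the `burp` label are assumptions; the request targets GitHub's create-issue endpoint and is built but not sent.

```python
import hashlib
import json
import urllib.request

# Order matches the script's min_severity_burp choices: Info|Low|Medium|High.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}

def fingerprint(finding):
    """Stable ID for a finding so a re-scan does not open a second issue."""
    key = "|".join([finding["name"], finding["origin"], finding["path"]])
    return hashlib.sha256(key.encode()).hexdigest()[:12]

def select_findings(findings, min_severity, known_fingerprints=()):
    """Keep findings at or above the threshold, dropping repeats."""
    floor = SEVERITY_RANK[min_severity.lower()]
    seen = set(known_fingerprints)  # e.g. parsed from titles of open issues
    kept = []
    for f in findings:
        fp = fingerprint(f)
        if SEVERITY_RANK[f["severity"].lower()] < floor or fp in seen:
            continue
        seen.add(fp)
        kept.append(f)
    return kept

def build_issue_request(repo, finding, token):
    """Build (without sending) the GitHub 'create an issue' request."""
    body = {
        "title": f"[Burp][{finding['severity']}] {finding['name']} ({fingerprint(finding)})",
        "body": f"URL: {finding['origin']}{finding['path']}\nConfidence: {finding['confidence']}",
        "labels": ["burp", finding["severity"].lower()],
    }
    return urllib.request.Request(
        f"https://api.github.com/repos/{repo}/issues",
        data=json.dumps(body).encode(),
        headers={"Authorization": f"token {token}",
                 "Accept": "application/vnd.github+json"},
        method="POST",
    )

# Constructed sample findings; field names are assumed, not Burp's real output.
SAMPLE = [
    {"name": "Cross-site scripting (reflected)", "severity": "High", "confidence": "Firm", "origin": "https://example.test", "path": "/search"},
    {"name": "Cookie without HttpOnly flag set", "severity": "Low", "confidence": "Certain", "origin": "https://example.test", "path": "/"},
    {"name": "Robots.txt file", "severity": "Info", "confidence": "Certain", "origin": "https://example.test", "path": "/robots.txt"},
    {"name": "Cross-site scripting (reflected)", "severity": "High", "confidence": "Firm", "origin": "https://example.test", "path": "/search"},
]
```

Pass the token in from an environment variable or a CI secret rather than editing it into the script, and hand the request to `urllib.request.urlopen` only when you actually want the issue created.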
Closing Thoughts
While I am just getting started with the CI tool, I was impressed that this only took 20 lines of shell code. I plan on building out a lot more functionality and error checking over the next few months.
If you have any