- 24 Mar 2022
- 2 Minutes to read
- Print
- DarkLight
- PDF
Burp Suite
- Updated on 24 Mar 2022
- 2 Minutes to read
- Print
- DarkLight
- PDF
Burp Suite is a penetration testing and vulnerability finder tool often used for checking web application security.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
Parameters
Host Name or IP Address (required, default: empty) - The hostname or IP address of the Burp Suite server.
API Key (required, default: empty) - An API Key associated with a user account that has permissions to fetch assets.
Verify SSL (required, default: False) - Choose whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
HTTPS Proxy (optional, default: empty) - Connect the adapter to a proxy instead of directly connecting it to the domain.
HTTPS Proxy User Name (optional, default: empty) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
- When supplied, Axonius authenticates with this value when connecting to the value supplied in HTTPS Proxy.
- When not supplied, Axonius does not perform authentication when connecting to the value supplied in HTTPS Proxy.
HTTPS Proxy Password (optional, default: empty) - The password to use when connecting to the server using the HTTPS Proxy.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
APIs
Axonius uses the Burp Suite Enterprise Edition GraphQL API.
Accessing the API requires creating an API user in the Burp Suite Enterprise Edition. This will generate an API key that you can use to authenticate any requests that you send to the API.
To obtain an API key:
- Log in to the Burp Suite Enterprise Edition web UI as an administrator.
- From the Burger menu, navigate to the Team page.
- On the Users tab, select New user.
- Enter a name and username that will help you subsequently identify the user, such as "GraphQL API User".
- Enter an email address, such as the email address of the admin user.
- Select the API key login type.
- Save your changes.
- When prompted, copy your new API key and save it to a secure location.
Required Permissions
The value supplied in API Key must be associated with credentials that have permissions to fetch assets.
Version Matrix
This adapter was only tested with the versions marked as supported, but may work with other versions. Contact Axonius Support if you have a version that is not listed, which is not functioning as expected.
Version | Supported | Notes |
---|---|---|
Burp Suite Enterprise Edition 2022.1 | Yes |
Supported From Version
Supported from Axonius version 4.5