- 30 Apr 2025
- 2 Minutes to read
- Print
- DarkLight
- PDF
Burp Suite
- Updated on 30 Apr 2025
- 2 Minutes to read
- Print
- DarkLight
- PDF
Burp Suite is a penetration testing and vulnerability finder tool often used for checking web application security.
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices, Vulnerabilities, SaaS Applications, Domains & URLs
Parameters
Host Name or IP Address (required) - The hostname or IP address of the Burp Suite server.
API Key (required) - An API Key associated with a user account that has permissions to fetch assets.
Verify SSL - Choose whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.
- Include JIRA tickets - Select this option to include JIRA tickets.
- Include false positives - Select this option to include false positives.
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
APIs
Axonius uses the Burp Suite Enterprise Edition GraphQL API.
Accessing the API requires creating an API user in the Burp Suite Enterprise Edition. This will generate an API key that you can use to authenticate any requests that you send to the API.
To obtain an API key:
- Log in to the Burp Suite Enterprise Edition web UI as an administrator.
- From the Burger menu, navigate to the Team page.
- On the Users tab, select New user.
- Enter a name and username that will help you subsequently identify the user, such as "GraphQL API User".
- Enter an email address, such as the email address of the admin user.
- Select the API key login type.
- Save your changes.
- When prompted, copy your new API key and save it to a secure location.
Required Permissions
The value supplied in API Key must be associated with credentials that have permissions to fetch assets.
Version Matrix
This adapter was only tested with the versions marked as supported, but may work with other versions. Contact Axonius Support if you have a version that is not listed, which is not functioning as expected.
Version | Supported | Notes |
---|---|---|
Burp Suite Enterprise Edition 2022.1 | Yes |
Supported From Version
Supported from Axonius version 4.5