-
Notifications
You must be signed in to change notification settings - Fork 37
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose recorded login API to the 'burpa scan' command #5
Comments
Hi @tristanlatr , Can we use 'recorded-login-script' command in Burpa. If so how to use, please share the example to use this. |
Hi @ganesh2183, this feature is not implemented yet. Any contributions would be appreciated. Please have a look at the |
@tristanlatr i have tried to add recorded login api in burpa command. when i pass recorded script in command, getting "json.decoder.JSONDecodeError: Invalid \escape: line 10 column 77 (char 560)". Any idea why getting this error, how to fix this. |
This error means you are constructing an invalid JSON string in the data variable. |
@tristanlatr i tried again, now i m getting as '400 Client Error: Bad Request...' Response: {"type":"ClientError","error":"could not parse recorded login sequence to JSON"} Any idea what to do, how to fix this?? Can i share the code with my changes. |
Yes please open a pull request such that I can see your changes. Thanks. |
As you said there is issue with constructing the JSON string, the recorded script provided in command prompt/powershell as input for recorded_login_script argument it is not able to parse JSON string as expected by burp tool. It accepts if i replace in recorded script with triple backslash with double quotes from " to parse JSON. For ex: [{\"name\": \"Burp Suite Navigation Recorder\", \"url\": \"https://example.com/login/index.html#/home\", \"isIframe\": false}] Also I tried using json.dumps() in code, still it is not working. Can you help to fix the issue. |
Hello @ganesh2183, Please read up on contributing with git to open one pull request with your changes, so I can test it and give a better review, and eventually, merge your work into this project. Also, by looking at the code you proposed, it looks like you replaced the username/password authentication by the recorded login system. If you want to contribute, the changes should be compatible, so both options should be supported. Regarding the JSON parsing, maybe the script should be read from a file, that would be more simple for parsing the JSON ? |
@tristanlatr Do you want me to do pull request again. i will add both authentication method. I'm very new to python coding. Also can you help me how to add script to read json script file to parse the json. Is it possible to connect ? |
@tristanlatr I have open one pull request with both authentication methods. Please have a look and let me know. Need your help to add script to read json script fill to parse the json. |
@tristanlatr Any update on this? |
It would quite simple to add
--recorded-login-label <string>
and--recorded-login-script <string or path>
that fills the following active scan params:The text was updated successfully, but these errors were encountered: