Add support for filtering issues by severity/confidence/paths when using /burp/report API

[tristanlatr]

Hello,

It would be very useful to be able to filter out the issues with severity marked as "Informations" from the generated report.

A new API parameter could be introduced specifying which severity level is the lower allowed in the report.

Are you aware of any other way we could make the reports generated by /burp/report API endpoint only list certain issues depending on severity ?

Thanks

[ikkisoft]

Hi @tristanlatr

We will be improving the Burp report export endpoint to allow selection of issues based on:

• Severity (High, Medium, Low, Information)
• Confidence (Certain, Firm, Tentative)
• Relative URL Paths. Note that we're already passing the target's scope (which is required before running a scan), but we can introduce additional path(s) selection to filter underneath URIs

Example of scan report: https://portswigger.net/burp/samplereport/burpscannersamplereport

Burp's Extender API gives us the ability to select the issues that we include in the final deliverable, so we will simply implement some filtering on Severity/Confidence/Path. See https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallbacks.html#generateScanReport-java.lang.String-burp.IScanIssue:A-java.io.File-

The user will be able to specify multiple selections (e.g. I want a report containing High and Medium, or issues that are High and path is /login or /logout). In other words, it would be possible to filter based on one or more attributes.

[ikkisoft]

• We've just merged this change in master, and we will be probably making a new release in a month or so.

[tristanlatr]

Great thanks! I'll implement this feature in the python client: https://github.com/tristanlatr/burpa