New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Help Us Shape The Future of burp-rest-api #75

Open
ikkisoft opened this Issue Nov 1, 2018 · 2 comments

Comments

Projects
None yet
3 participants
@ikkisoft
Collaborator

ikkisoft commented Nov 1, 2018

Since the first commit of this project (back in 2016), burp-rest-api has been the default tool for Burp-powered web scanning automation. Many security pros and organizations have relied on this extension to orchestrate the work of Burp Scanner.

With the release of Burp Suite Professional 2.x (beta), things will change. The newly released version of Burp includes a native Rest API. While the current functionalities are very limited, this is going to change.

In the initial release, the REST API supports launching vulnerability scans and obtaining the results. Over time, additional functions will be added to the REST API.

While it's great that Burp users will finally benefit from a native Rest API, this new feature makes us wonder if it even makes sense to work on the project in its current state. We look forward to hearing from you whether / how burp-rest-api can still provide value. Help us shape the future of this project.

Thank you for your support so far!

The burp-rest-api contributors team

@Crimdrac

This comment has been minimized.

Crimdrac commented Nov 7, 2018

In my company we start using Burp Suite to automate security scanning as part of the CI/CD build pipeline. The burp-rest-api is an essential component to achieve the required level of automation. I've looked at the new Rest API of Burp Suite Professional 2.0 and in its current state the API is too limited for our testing approach.
I am not convinced that the official Burp API will eventually provide the same functionality as burp-rest-api. The reason being that with the new Burp Enterprise there is no real incentive for Portswigger to facilitate automation for Burp Suite.
That said, I am very grateful for all the work that went into burp-rest-api and I am definitely interested in supporting this project.

@ajbr0wn

This comment has been minimized.

ajbr0wn commented Nov 14, 2018

Just to add another voice, I am also interested in continued support of this project. The new Rest API is not only limited in functionality, but it also has a larger price tag (not sky high, but) - so if there's a tool with customizability and more functionality for free, I think that's incredibly valuable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment