Burp Suite Ci Integration

  1. Burp Suite Ci Integration System
  2. Burp Suite Ci Integration Tool

Jul 30, 2020 Getting Started with Burp Suite. Burp Suite is a very powerful tool for manipulating websites to find vulnerabilities. The community edition will work fine but is much slower than the Professional version. You can use the community edition to learn however if you are serious you should support the product and purchase it ($400/year). An integrated platform specially intended for users who need to perform security testing of web applications, while crawling content and functionality Burp Suite is a reliable and practical. Burp Suite Enterprise Edition The enterprise-enabled web vulnerability scanner. Burp Suite Professional The world's #1 web penetration testing toolkit. Burp Suite Community Edition The best manual tools to start web security testing. View all product editions.

HomeAzure CybersecurityHow to integrate Burp Suite for security automation in Microsoft Azure DevOps..

I need to be honest, not so much information around about how to integrate Burp Suite with Microsoft DevOps or TFS, this is why I am writing this article.

Burp suite is a top platform for penetration testing, we can use it for a lot of different scopes, for people working in cybersecurity Burp Suite is a must to have.

Burp Suite offers three versions, Free, Professional and Enterprise, Burp Suite also provides integration for automation testing with Selenium and Jenkins, check below

What about Microsoft stack, the last version of Burp Suite offer the possibility to expose some API to trigger some events like scanning and retrieve information.
Below how to do that.

First, we need to install Burp Suite Professional edition from here

Form users option enable the API and select the bind address, in this case I selected all interfaces, in this way I can test using my machine name as well.

Open a browser and navigate to

Integration

Below a quick example about how to trigger the Burp Suite API using C#
I put the picture as a quick reference, nothing complicates with that, just an HTTP call, you can download the example below

The code below returns the scan status and the task number in the HTTP header (not sure why it is named Location)

We can trigger these actions from any type of code or scripting, this is why I think this is the best solution to use for Microsoft Platform.

There is also the option to use, like the login parameters, configuration name or the scope we want to use, so I think pretty cool stuff to use.

Launchkey mini is Novation most compact and portable 25-mini-key MIDI keyboard controller. It gives you everything you need to start creating in Ableton Live – and it’ll fit in your bag. Make tracks anywhere with launchkey Mini’s deep, intuitive Ableton control, arpeggiator, fixed chord mode, MIDI out, and tons of sounds in the box. By default, the Launchkey Mini MK3 should be autodetected by Ableton Live 10.1.1 and later. If this does not work, or you have changed the settings, these are the settings to revert back to: Ensure to select 'Launchkey Mini MK3' for the Control Surface and for the Input & Output select the second port, 'Launchkey Mini MK3 (DAW Port)'. Launchkey mini mk3 ableton. The Launchkey Mini Mk3 is supported in Live 10.1.1 or later so it will not function to its full potential in Live 9, but if you have an older version of Ableton you can use it as a generic/basic MIDI controller.

About the Burp Suite installation, we can use a dedicated VM in Azure or a Docker image with Kali and Burp Suite.

If you decide on the Docker way you can use the steps below:

Install Docker, if you use Windows download from her

Burp

If you use Linux from apt-get as below

apt-get install docker.io

docker run hello-world

Create the Docker container, if you like Ubuntu use below

Burp Suite Ci Integration System

docker run -ti –name burprestapi -h burpapi -p 8090:8090 -p 8080:8080 ubuntu:latest /bin/bash

Burp Suite Ci Integration

if you like Kali use below

docker run -ti –name burprestapi -h burpapi -p 8090:8090 -p 8080:8080 kalilinux/kali-linux-docker /bin/bash

Burp Suite Ci Integration Tool

Download the Burp Suite installation for Linux x64 from here

In the Docker container enter in the opt folder

Burp Suite Ci Integration

Copy the .sh installation file, from the container execute the command below

docker cp burpsuite_pro_linux_v2_0_15beta.sh burprestapi:/opt/

And install Burp Suite as below

bash burpsuite_pro_linux_v2_0_15beta.sh

Enter in the Burp Suite folder

[email protected]:/opt# cd BurpSuitePro/

Execute the installation

Integration

[email protected]:/opt/BurpSuitePro# ./BurpSuitePro

Accept the license, enter the key and you now have a Burp Suite instance running in a Docker container.

This is very interesting for the automation testing scenario, because we are much more dynamic and scalable.
The Docker option is also convenient, we can execute the container everywhere.

I am always happy and available for questions and chat, feel free to contact me by email or other social channels.