Headless Burp. Auto SCAN. Initiated the Burp in Project loaded mode. about headless-burp HOT 13 CLOSED

Try adding another param --unpause-spider-and-scanner. This will ensure that hte spider/scanner is not paused upon launch (I believe that is the default setting).

Also, you can also try to install the extension from BApp store instead.

Let me know if it this fixes your issue

from headless-burp.

Thanks Anand. Didn't know you reply so early. Will try and let you know. I have added the extension from BApp Store.

from headless-burp.

I have now updated the documentation to include --unpause-spider-and-scanner in this commit

from headless-burp.

@Stringz Can I close the issue now?

from headless-burp.

@anandsudhir No Anand.

The Burp is not running Scanner. My Scanner Queue is empty. Can you guide me, as to how and which logs should I provide you to debug or anything that could be helpful for you.

What I have done is following.

• Ran the Temporary Project of Burp.

• Proxied the Burp through a Browser providing all the areas of my Application.

• Add the SCOPE to include my Application in it.

• Saved the project by providing my Project Name. (projectName.burp)

• Saved the Project Options (JSON file)

• Saved the User Options. (JSON file)

• Closed the BURP.

• Now I am running Burp through command line to open my saved project and run the scanner using this command line.

`
java -Xmx2G -classpath headless-burp-scanner-master-SNAPSHOT-jar-with-dependencies.jar;"C:\Program Files\BurpSuitePro_v1.7.37\burpsuite_pro.jar" burp.StartBurp --project-file="E:\Burp_sessions\IRIS.burp" -c config.xml --use-defaults --unpause-spider-and-scanner

`

from headless-burp.

What do you have in the config.xml? Did you follow the instructions as on the the documentation?

Make sure you specify the site map url correctly in the config.xml

The extension seem to work very well for a lot of ppl out there so I suspect something is off with your config.

Also, you should get some "logs" in the alerts tab on burp or on the console if you run it headless. Could you paste the logs here?

from headless-burp.

Hi Anand.

The Burp ran automatically via command line, not headless, GUI was displayed, but the Scanner is sending URLs to spider and it is stuck over sending the urls, not scanning at all.

Please find my config.xml changed to config.txt, ALERTS Tab Export and Logs.

config.txt
Alerts.txt
Logs.txt

from headless-burp.

Your logs show that the extension is sending the urls to the scanner. So, basically. Doing what it is supposed to do.
But seems that the scanner maybe paused. Could you try and manually start it this once n see if that works? It could be some weird local setup overriding the u pause scanner option?

from headless-burp.

also, what is the --use-defaults for? Perhaps you should get rid of it and try

from headless-burp.

Hi
this is the new command.
java -Xmx2G -classpath headless-burp-scanner-master-SNAPSHOT-jar-with-dependencies.jar;"C:\Program Files\BurpSuitePro_v1.7.37\burpsuite_pro.jar" burp.StartBurp --project-file="E:\Burp_sessions\IRIS.burp" -c "E:/Burp_sessions/config.xml"

Still, the BURP is waiting for the spider to finish. Then the Scan will run.

any way, that scan could be ran ?
Logs_1.txt
Alerts_1.txt
config.txt

from headless-burp.

I am not sure I understand, the whole spider and scan process does take a lot of time. Especially when you have a lot of urls and requests to be scanned. In some of the projects I have used burp on, the scan takes quite a few hours and thsts why I run it as a nightly build.

So, I am sorry, you just have to wait until the scan is finished.

from headless-burp.

Could you also try and run it once with a smaller load? This is just to verify whether my theory about the large volume of scan requests is the culprit here

from headless-burp.

@Stringz please reopen the issue if the previous didn't help

from headless-burp.