Headless, Unattended Scanning in Burp Suite Professional 2.0 with Seltzer

2020-05-29T17:37:34
ID COALFIRE:2AFAC1192599FCCCB7C823A9FD1DA51C
Type coalfire
Reporter The Coalfire Blog
Modified 2020-05-29T17:37:34

Description

Burp Suite Professional (Burp) is one of the best tools available for penetration testers. It is feature-rich, intuitive, well-supported, and customizable. However, it can be difficult to use Burp for headless, unattended scanning. Alternatives such as Burp Suite Enterprise exist, but those of us with Burp Suite Professional may want to leverage it to perform this type of work. For years, my tool of choice for this has been the Burp extension Carbonator. Available in the BApp Store, Carbonator provides a means to interact with Burp via the command line, scanning a target and exporting the results as HTML. It is a great extension that has worked well, until the release of Burp 2.0.